File name:

IDM.6.41.b.6.kuyhAa.Me.zip

Full analysis: https://app.any.run/tasks/1d6acf1a-bdf7-472e-b888-157116acbc86
Verdict: Malicious activity
Analysis date: November 18, 2023, 14:09:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

0C8B3D98D53ACF1D91C51D6E90BD0F69

SHA1:

0D07E9D1A687C051038DF5ED187C8D2A22FBA17C

SHA256:

2996715BFB4E60F7806C999EF805A6576DD290AE46109F988E892CB1BE99342B

SSDEEP:

196608:aZHoB3CFU5Ho0bkszT5f8E/IH/pG2SY8s/JQA:agjookMT5f8E/E0zYZ/CA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • IDMan.exe (PID: 3900)
    • Creates a writable file in the system directory

      • rundll32.exe (PID: 4036)
    • Starts NET.EXE for service management

      • Uninstall.exe (PID: 4064)
      • net.exe (PID: 3708)
    • Actions look like stealing of personal data

      • IDMan.exe (PID: 1272)
  • SUSPICIOUS

    • Starts application with an unusual extension

      • idman641build6.kuyhAa.exe (PID: 3688)
    • The process creates files with names similar to system file names

      • IDM1.tmp (PID: 3644)
    • Reads the Internet Settings

      • IDM1.tmp (PID: 3644)
      • IDMan.exe (PID: 3900)
      • Uninstall.exe (PID: 4064)
      • runonce.exe (PID: 4088)
      • IDMan.exe (PID: 1272)
      • IDMan.exe (PID: 856)
    • Checks Windows Trust Settings

      • IDMan.exe (PID: 3900)
      • IDMan.exe (PID: 1272)
    • Reads security settings of Internet Explorer

      • IDMan.exe (PID: 3900)
      • IDMan.exe (PID: 1272)
    • Creates/Modifies COM task schedule object

      • IDMan.exe (PID: 3900)
      • Uninstall.exe (PID: 4064)
    • Uses RUNDLL32.EXE to load library

      • Uninstall.exe (PID: 4064)
    • Drops a system driver (possible attempt to evade defenses)

      • rundll32.exe (PID: 4036)
    • Reads settings of System Certificates

      • IDMan.exe (PID: 3900)
      • IDMan.exe (PID: 1272)
    • Creates or modifies Windows services

      • Uninstall.exe (PID: 4064)
  • INFO

    • Manual execution by a user

      • idman641build6.kuyhAa.exe (PID: 3480)
      • idman641build6.kuyhAa.exe (PID: 3688)
      • firefox.exe (PID: 3892)
      • wmpnscfg.exe (PID: 3488)
      • taskmgr.exe (PID: 3088)
      • IDMan.exe (PID: 856)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3448)
      • rundll32.exe (PID: 4036)
      • dllhost.exe (PID: 2868)
    • Checks supported languages

      • idman641build6.kuyhAa.exe (PID: 3688)
      • IDM1.tmp (PID: 3644)
      • idmBroker.exe (PID: 3916)
      • IDMan.exe (PID: 3900)
      • Uninstall.exe (PID: 4064)
      • MediumILStart.exe (PID: 1576)
      • IEMonitor.exe (PID: 1876)
      • IDMan.exe (PID: 1272)
      • wmpnscfg.exe (PID: 3488)
      • IDMan.exe (PID: 856)
      • IEMonitor.exe (PID: 3052)
    • Creates files in a temporary directory

      • idman641build6.kuyhAa.exe (PID: 3688)
      • IDM1.tmp (PID: 3644)
      • IDMan.exe (PID: 3900)
      • IDMan.exe (PID: 1272)
      • IDMan.exe (PID: 856)
    • Reads the machine GUID from the registry

      • IDM1.tmp (PID: 3644)
      • IDMan.exe (PID: 3900)
      • MediumILStart.exe (PID: 1576)
      • IDMan.exe (PID: 1272)
      • wmpnscfg.exe (PID: 3488)
      • IDMan.exe (PID: 856)
    • Creates files or folders in the user directory

      • IDM1.tmp (PID: 3644)
      • IDMan.exe (PID: 3900)
      • IDMan.exe (PID: 1272)
    • Creates files in the program directory

      • IDM1.tmp (PID: 3644)
      • IDMan.exe (PID: 3900)
    • Reads the computer name

      • IDMan.exe (PID: 3900)
      • IDM1.tmp (PID: 3644)
      • Uninstall.exe (PID: 4064)
      • MediumILStart.exe (PID: 1576)
      • IDMan.exe (PID: 1272)
      • IEMonitor.exe (PID: 1876)
      • wmpnscfg.exe (PID: 3488)
      • IDMan.exe (PID: 856)
    • Creates files in the driver directory

      • rundll32.exe (PID: 4036)
    • Reads the time zone

      • runonce.exe (PID: 4088)
    • Application launched itself

      • firefox.exe (PID: 3892)
      • firefox.exe (PID: 4044)
    • Checks proxy server information

      • IDMan.exe (PID: 1272)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2022:12:03 05:56:40
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: IDM.6.41.b.6.kuyhAa.Me/
No data.
All screenshots are available in the full report
Total processes: 80
Monitored processes: 32
Malicious processes: 5
Suspicious processes: 1


Process information

PID
CMD
Path
Indicators
Parent process
PID:
608
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4044.0.174610699\1253650564" -parentBuildID 20230710165010 -prefsHandle 1120 -prefMapHandle 1112 -prefsLen 28523 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cec4591-e526-4732-9cb9-93e9ee98d943} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" 1192 d6a8ca0 gpu
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
1
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID:
680
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4044.7.123600962\100977427" -childID 6 -isForBrowser -prefsHandle 2092 -prefMapHandle 1992 -prefsLen 29366 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ce3e244-6888-444f-ba3d-3753afc0776f} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" 2376 217b6e00 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID:
856
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4044.3.539058290\878515058" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2928 -prefsLen 34225 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4baeb056-833d-4790-b0c4-df23362cfd87} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" 2948 1f39bc90 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID:
856
CMD:
"C:\Program Files\Internet Download Manager\IDMan.exe"
Path:
C:\Program Files\Internet Download Manager\IDMan.exe
Parent process:
explorer.exe
User:
admin
Company:
Tonec Inc.
Integrity Level:
MEDIUM
Description:
Internet Download Manager (IDM)
Exit code:
0
Version:
6, 41, 6, 2
Modules
Images
c:\program files\internet download manager\idman.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
1272
CMD:
"C:\Program Files\Internet Download Manager\IDMan.exe" -Embedding
Path:
C:\Program Files\Internet Download Manager\IDMan.exe
Parent process:
svchost.exe
User:
admin
Company:
Tonec Inc.
Integrity Level:
MEDIUM
Description:
Internet Download Manager (IDM)
Exit code:
3489660927
Version:
6, 41, 6, 2
Modules
Images
c:\program files\internet download manager\idman.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
1576
CMD:
"C:\Program Files\Internet Download Manager\MediumILStart.exe"
Path:
C:\Program Files\Internet Download Manager\MediumILStart.exe
Parent process:
IDMan.exe
User:
admin
Company:
Internet Download Manager, Tonec Inc.
Integrity Level:
MEDIUM
Description:
IDM module
Exit code:
0
Version:
6, 35, 9, 1
Modules
Images
c:\program files\internet download manager\mediumilstart.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1876
CMD:
"C:\Program Files\Internet Download Manager\IEMonitor.exe"
Path:
C:\Program Files\Internet Download Manager\IEMonitor.exe
Parent process:
IDMan.exe
User:
admin
Company:
Tonec Inc.
Integrity Level:
MEDIUM
Description:
Internet Download Manager agent for click monitoring in IE-based browsers
Exit code:
0
Version:
6, 37, 8, 1
Modules
Images
c:\program files\internet download manager\iemonitor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
1892
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4044.1.2078969166\348885928" -parentBuildID 20230710165010 -prefsHandle 1432 -prefMapHandle 1428 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3866181-7215-488d-93b3-7de6099e0d4c} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" 1444 d61b1a0 socket
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID:
2516
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4044.6.684837045\1710777205" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 3988 -prefsLen 34332 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2436d682-facf-4cd1-b35d-385423a80320} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" 3924 217b63f0 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID:
2584
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4044.4.308190640\304194261" -childID 3 -isForBrowser -prefsHandle 3532 -prefMapHandle 2880 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e5c1fb2-d524-400d-8aba-fe3d68b40076} 4044 "\\.\pipe\gecko-crash-server-pipe.4044" 3540 1c55a9b0 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
Total events: 26 502
Read events: 26 181
Write events: 226
Delete events: 95

Modification events

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3448) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3644) IDM1.tmp
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation: write
Name: PendingFileRenameOperations
Value: \??\C:\Users\admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

(PID) Process: (3644) IDM1.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}
Operation: write
Name: RunAs
Value: Interactive User
Executable files: 15
Suspicious files: 130
Text files: 35
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\KeyReg.reg | text
MD5: 1B6478C9C0CB02CF490E2987C8D09847
SHA256: A2F957CE93E230F29C25FA78514D244CA80021E72F915023D291470D0504B8D5
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\Langkah Menggunakan Jamu.txt | text
MD5: D63EC2EBFBC5BFFECD2FF3979FCDD993
SHA256: 04EA321AE4D5CC20B139D665132DA0450667193DA5ECB456E028C91172CF9E86
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\Jamu\kuyhAa.Me.url | text
MD5: B6F5CE7267C50CF195B1AE2A8EAEC913
SHA256: ED77A3BC71138AB5CCD49ABA225514AC860B7251EE16DB3A2B91FD4719F9D291
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\Jamu\IDMan.exe | executable
MD5: 52672DED39551AA2D0D8E0BCE2C303CF
SHA256: E54E7B7E8A10DAA6014EB1C994DFAE422DA8E614327DF05661C51742B5D3B30A
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\www.kuyhaa.me.url | text
MD5: 020A2175CD00353419BA86941FAF6ECB
SHA256: 0FAD91A7D23B2A63EB58C402D7D2609CC11932F9DF35B69A3EC45783737CFF35
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\Settings.Anti.Notif.Update.reg | text
MD5: D4C096EDA260A707434CC0DE137ABBDF
SHA256: 9CABC1743B35B773F09FFF97DA60EA49323FA56284768B1FC9D9D7A22E944423
3644 | IDM1.tmp | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk | binary
MD5: 502B252609C6BEB3EB09EDE6DDCDB58C
SHA256: 65B246D4891C803FD880D80B7E8DD8D2155590F221518D4BBBC356843DBA40AD
3644 | IDM1.tmp | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk | binary
MD5: BB47D0A39486F7CDC5A10F644F133D19
SHA256: 878E9CE647120C5A8A7573A22A1AD40064B2439E38FBD3D5C98A976A4DD4269C
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\Jamu\Lokasi Paste Crack.lnk | binary
MD5: FF6CDB9B107C6CEE39C536882C77537D
SHA256: D6A11EDB519C1509008FE2EF4F42AD894D89EFE612D96FC04252818295E835F2
3448 | WinRAR.exe | C:\Users\admin\Desktop\IDM.6.41.b.6.kuyhAa.Me\idman641build6.kuyhAa.exe | executable
MD5: CA5F2C20B23F553EDE744031BCEE9240
SHA256: F13DFF1C73D422E2119092AF5C2764AD87E4374852D7E5691FDB448696F71F72
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 18
TCP/UDP connections: 38
DNS requests: 71
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4044 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | text | 8 b | unknown
4044 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | text | 90 b | unknown
4044 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | binary | 471 b | unknown
4044 | firefox.exe | POST | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b | unknown
4044 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | binary | 471 b | unknown
4044 | firefox.exe | POST | 200 | 2.16.2.73:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
4044 | firefox.exe | POST | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b | unknown
4044 | firefox.exe | POST | 200 | 2.16.2.73:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
1272 | IDMan.exe | POST | 200 | 169.61.27.133:80 | http://www.internetdownloadmanager.com/data/update641.txt?v=641b06 | unknown | text | 2.38 Kb | unknown
3900 | IDMan.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?66b6c19a6dca6cb7 | unknown | compressed | 61.6 Kb | unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
2588
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3900
IDMan.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
4044
firefox.exe
169.61.27.133:443
secure.internetdownloadmanager.com
SOFTLAYER
US
unknown
4044
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
4044
firefox.exe
34.117.237.239:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
unknown
4044
firefox.exe
44.209.32.107:443
spocs.getpocket.com
AMAZON-AES
US
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
test.internetdownloadmanager.com
  • 185.80.221.18
whitelisted
secure.internetdownloadmanager.com
  • 169.61.27.133
whitelisted
www.internetdownloadmanager.com
  • 169.61.27.133
whitelisted
mirror3.internetdownloadmanager.com
  • 174.127.113.77
whitelisted
mirror5.internetdownloadmanager.com
  • 185.80.221.19
whitelisted
registeridm.com
  • 169.61.27.133
unknown
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.216.34
whitelisted

Threats

PID
Process
Class
Message
1272
IDMan.exe
Potential Corporate Privacy Violation
ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
No debug info