File name:

3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7

Full analysis: https://app.any.run/tasks/5a1d3cdb-8328-4ecd-94ff-7f82da54789d
Verdict: Malicious activity
Threats:

Gh0st RAT is a malware with advanced trojan functionality that enables attackers to establish full control over the victim’s system. The spying capabilities of Gh0st RAT made it a go-to tool for numerous criminal groups in high-profile attacks against government and corporate organizations. The most common vector of attack involving this malware begins with spam and phishing emails.

Malware Trends Tracker     >>>
Analysis date: April 12, 2025, 18:30:52
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
gh0st
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5:

5D7BED642E12888F7A15BF4AF6165157

SHA1:

7CA3C649EE0469F70D5C0260330CCFB8638C9644

SHA256:

3348AD210AC86877E023953519CBA103A690D82FF9568B7D70A89CE8E19F8DE7

SSDEEP:

49152:4Qf3BVy7x88988NtgwTx3z9EkR1SVSg5pfi0XW5aGZKrcfXfp/zTALozLvtsIEv1:4Qf3S4KBxR1SVSg5p5aZKrMqx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • GH0ST mutex has been found

      • svchcst.exe (PID: 7652)
      • look2.exe (PID: 7564)
      • svchcst.exe (PID: 7888)
      • svchcst.exe (PID: 8064)
      • svchcst.exe (PID: 1676)
      • svchcst.exe (PID: 7308)
      • svchcst.exe (PID: 5344)
      • svchcst.exe (PID: 7276)
      • svchcst.exe (PID: 7600)

  • SUSPICIOUS

    • Suspicious files were dropped or overwritten

      • look2.exe (PID: 7564)

    • Executable content was dropped or overwritten

      • look2.exe (PID: 7564)
      • 3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe (PID: 7540)

    • Creates or modifies Windows services

      • look2.exe (PID: 7564)

    • There is functionality for taking screenshot (YARA)

      • 3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe (PID: 7540)

    • Connects to unusual port

      • svchcst.exe (PID: 7652)
      • svchcst.exe (PID: 7888)
      • svchcst.exe (PID: 8064)
      • svchcst.exe (PID: 1676)
      • svchcst.exe (PID: 5344)
      • svchcst.exe (PID: 7308)
      • svchcst.exe (PID: 7276)
      • svchcst.exe (PID: 7600)

    • Executes application which crashes

      • svchcst.exe (PID: 7652)
      • svchcst.exe (PID: 7888)
      • svchcst.exe (PID: 8064)
      • svchcst.exe (PID: 5344)
      • svchcst.exe (PID: 1676)
      • svchcst.exe (PID: 7308)
      • svchcst.exe (PID: 7276)
      • svchcst.exe (PID: 7600)

  • INFO

    • The sample compiled with chinese language support

      • 3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe (PID: 7540)

    • Checks supported languages

      • 3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe (PID: 7540)
      • look2.exe (PID: 7564)

    • Reads the software policy settings

      • svchcst.exe (PID: 7652)
      • svchcst.exe (PID: 7888)
      • svchcst.exe (PID: 5344)
      • svchcst.exe (PID: 8064)
      • svchcst.exe (PID: 1676)
      • svchcst.exe (PID: 7308)
      • svchcst.exe (PID: 7276)
      • svchcst.exe (PID: 7600)

    • Reads security settings of Internet Explorer

      • svchcst.exe (PID: 7652)
      • svchcst.exe (PID: 7888)
      • svchcst.exe (PID: 5344)
      • svchcst.exe (PID: 1676)
      • svchcst.exe (PID: 7308)
      • svchcst.exe (PID: 8064)
      • svchcst.exe (PID: 7276)
      • svchcst.exe (PID: 7600)

    • Create files in a temporary directory

      • 3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe (PID: 7540)

    • Reads the computer name

      • look2.exe (PID: 7564)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:17 03:22:40+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 520192
InitializedDataSize: 1253376
UninitializedDataSize: -
EntryPoint: 0x60d55
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.9.0.9
ProductVersionNumber: 2.9.0.9
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
FileVersion: 2.9.0.9
FileDescription: 应用程序
ProductName: PopWndL0g
ProductVersion: 2.9.0.9
CompanyName: RuntimeBroker
LegalCopyright: RuntimeBroker
Comments: PopWndL0g
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
153
Monitored processes
20
Malicious processes
8
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe look2.exe svchcst.exe werfault.exe no specs svchcst.exe werfault.exe no specs svchcst.exe werfault.exe no specs svchcst.exe werfault.exe no specs svchcst.exe werfault.exe no specs svchcst.exe no specs werfault.exe no specs svchcst.exe werfault.exe no specs svchcst.exe werfault.exe no specs slui.exe no specs 3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1676C:\WINDOWS\system32\svchcst.exe "c:\windows\system32\1097625.bat",MainThreadC:\Windows\SysWOW64\svchcst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows host process (Rundll32)
Exit code:
255
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\svchcst.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
5344C:\WINDOWS\system32\svchcst.exe "c:\windows\system32\1097625.bat",MainThreadC:\Windows\SysWOW64\svchcst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows host process (Rundll32)
Exit code:
255
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\svchcst.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7152C:\WINDOWS\SysWOW64\WerFault.exe -u -p 5344 -s 1328C:\Windows\SysWOW64\WerFault.exesvchcst.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7232C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1676 -s 1328C:\Windows\SysWOW64\WerFault.exesvchcst.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7276C:\WINDOWS\system32\svchcst.exe "c:\windows\system32\1097625.bat",MainThreadC:\Windows\SysWOW64\svchcst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows host process (Rundll32)
Exit code:
255
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\svchcst.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7308C:\WINDOWS\system32\svchcst.exe "c:\windows\system32\1097625.bat",MainThreadC:\Windows\SysWOW64\svchcst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows host process (Rundll32)
Exit code:
255
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\svchcst.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7400C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7308 -s 1312C:\Windows\SysWOW64\WerFault.exesvchcst.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7436"C:\Users\admin\Desktop\3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe" C:\Users\admin\Desktop\3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exeexplorer.exe
User:
admin
Company:
RuntimeBroker
Integrity Level:
MEDIUM
Description:
应用程序
Exit code:
3221226540
Version:
2.9.0.9
Modules
Images
c:\users\admin\desktop\3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7512C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7276 -s 1328C:\Windows\SysWOW64\WerFault.exesvchcst.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7540"C:\Users\admin\Desktop\3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe" C:\Users\admin\Desktop\3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe
explorer.exe
User:
admin
Company:
RuntimeBroker
Integrity Level:
HIGH
Description:
应用程序
Exit code:
0
Version:
2.9.0.9
Modules
Images
c:\users\admin\desktop\3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
Total events
39 449
Read events
39 379
Write events
46
Delete events
24

Modification events

(PID) Process:(7564) look2.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svchcst
Operation:writeName:Description
Value:
¹ÜÀí»ùÓÚ×é¼þ¶ÔÏóÄ£Ð͵ĺËÐÄ·þÎñ,Èç¹û·þÎñ±»½ûÓ㬼ÆËã»ú½«ÎÞ·¨Õý³£ÔËÐС£
(PID) Process:(7564) look2.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svchcst\Parameters
Operation:writeName:ServiceDll
Value:
C:\WINDOWS\system32\1097625.bat
(PID) Process:(7564) look2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost
Operation:writeName:svchcst
Value:
svchcst
(PID) Process:(7776) WerFault.exeKey:\REGISTRY\A\{5c99c260-8830-0e5a-4154-576644fb5816}\Root\InventoryApplicationFile
Operation:writeName:WritePermissionsCheck
Value:
1
(PID) Process:(7776) WerFault.exeKey:\REGISTRY\A\{5c99c260-8830-0e5a-4154-576644fb5816}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation:delete keyName:(default)
Value:
(PID) Process:(7776) WerFault.exeKey:\REGISTRY\A\{5c99c260-8830-0e5a-4154-576644fb5816}\Root\InventoryApplicationFile\svchcst.exe|5d020bac932c45f2
Operation:writeName:ProgramId
Value:
0006e09c701521111759bd9b5099571c033d00000904
(PID) Process:(7776) WerFault.exeKey:\REGISTRY\A\{5c99c260-8830-0e5a-4154-576644fb5816}\Root\InventoryApplicationFile\svchcst.exe|5d020bac932c45f2
Operation:writeName:FileId
Value:
00006f317948fd881fc9ad25292f6d2c021ee9a82a85
(PID) Process:(7776) WerFault.exeKey:\REGISTRY\A\{5c99c260-8830-0e5a-4154-576644fb5816}\Root\InventoryApplicationFile\svchcst.exe|5d020bac932c45f2
Operation:writeName:LowerCaseLongPath
Value:
c:\windows\syswow64\svchcst.exe
(PID) Process:(7776) WerFault.exeKey:\REGISTRY\A\{5c99c260-8830-0e5a-4154-576644fb5816}\Root\InventoryApplicationFile\svchcst.exe|5d020bac932c45f2
Operation:writeName:LongPathHash
Value:
svchcst.exe|5d020bac932c45f2
(PID) Process:(7776) WerFault.exeKey:\REGISTRY\A\{5c99c260-8830-0e5a-4154-576644fb5816}\Root\InventoryApplicationFile\svchcst.exe|5d020bac932c45f2
Operation:writeName:Name
Value:
svchcst.exe
Executable files
3
Suspicious files
16
Text files
11
Unknown types
0

Dropped files

PID
Process
Filename
Type
7776WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchcst.exe_d41e1e28a92ead31b9e1d7846b6cfe7f5dd1e_19de00a8_24121aa7-b305-4f3f-a3f1-ad40a4b66ae0\Report.wer
MD5:
SHA256:
7976WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchcst.exe_d41e1e28a92ead31b9e1d7846b6cfe7f5dd1e_19de00a8_89cca7ee-cfac-4c2e-97de-ac3c9fd97814\Report.wer
MD5:
SHA256:
8188WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchcst.exe_d41e1e28a92ead31b9e1d7846b6cfe7f5dd1e_19de00a8_77b8fa41-b42c-483d-acfa-5e9ffd77dbc3\Report.wer
MD5:
SHA256:
7776WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERDC88.tmp.WERInternalMetadata.xmlbinary
MD5:B296B48128C2D7571A2DE6D017DD175A
SHA256:70FA3332EEFCE6DE50A03900A82DA545DE76BE75CAD385B3E8EE1756C1680537
7652svchcst.exeC:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\getip[1].htmhtml
MD5:72FA0FCA20C82853E6DBBC1F13C78100
SHA256:4555DE589FF9B307E20C708D6F112BC47BB377DF29FF0A5914F8FB0932926887
7776WerFault.exeC:\Windows\appcompat\Programs\Amcache.hvebinary
MD5:D70D978BCD2C13F8A149BBD218B35FE9
SHA256:B53AB778394DDD50FD5E4B85ABE236596D7DA01656900CBBE67E95EAD0941AE2
7776WerFault.exeC:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\svchcst.exe.7652.dmpbinary
MD5:19EFD26A87AAE86B33B52DFE57824399
SHA256:8A6555FD17EE72024C408C8120C3EA1F755FE34CB32FC0AB3D7830151A4C0BBB
7776WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERDA74.tmp.dmpbinary
MD5:961F65C6F861211593BDFFF375AC2C64
SHA256:6E075C9B82C6FEC7E329063F3566F1F9C2FD90347CC1BD124D1FB99B66E2DB55
7152WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchcst.exe_d41e1e28a92ead31b9e1d7846b6cfe7f5dd1e_19de00a8_310f915e-68e5-443b-b1d1-cf01deb1c477\Report.wer
MD5:
SHA256:
7776WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERDCA8.tmp.xmlxml
MD5:31C7B153EA09E0F8EDECB0BC1C184368
SHA256:0EC1E05153F9799EE8A714DE0ACABDD421A765E8FD8CD4235394A5F6E9ACB654
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
73
TCP/UDP connections
103
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7652
svchcst.exe
GET
301
163.181.92.223:80
http://www.taobao.com/help/getip.php
unknown
whitelisted
7888
svchcst.exe
GET
301
163.181.92.223:80
http://www.taobao.com/help/getip.php
unknown
whitelisted
8064
svchcst.exe
GET
301
163.181.92.223:80
http://www.taobao.com/help/getip.php
unknown
whitelisted
GET
304
172.202.163.200:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
GET
200
172.202.163.200:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
2152
SIHClient.exe
GET
200
23.216.77.26:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2152
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
2152
SIHClient.exe
GET
200
23.216.77.26:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
5344
svchcst.exe
GET
301
163.181.92.223:80
http://www.taobao.com/help/getip.php
unknown
whitelisted
GET
200
13.85.23.206:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7652
svchcst.exe
47.238.96.72:442
kinh.xmcxmr.com
US
unknown
7652
svchcst.exe
163.181.92.223:80
www.taobao.com
Zhejiang Taobao Network Co.,Ltd
DE
whitelisted
7652
svchcst.exe
163.181.92.223:443
www.taobao.com
Zhejiang Taobao Network Co.,Ltd
DE
whitelisted
7888
svchcst.exe
47.238.96.72:442
kinh.xmcxmr.com
US
unknown
7888
svchcst.exe
163.181.92.223:80
www.taobao.com
Zhejiang Taobao Network Co.,Ltd
DE
whitelisted
7888
svchcst.exe
163.181.92.223:443
www.taobao.com
Zhejiang Taobao Network Co.,Ltd
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.78
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
kinh.xmcxmr.com
  • 47.238.96.72
unknown
www.taobao.com
  • 163.181.92.223
  • 163.181.92.222
whitelisted
login.live.com
  • 40.126.31.1
  • 20.190.159.71
  • 40.126.31.129
  • 20.190.159.75
  • 40.126.31.130
  • 20.190.159.73
  • 40.126.31.67
  • 40.126.31.3
whitelisted
watson.events.data.microsoft.com
  • 20.42.73.29
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
crl.microsoft.com
  • 23.216.77.26
  • 23.216.77.13
  • 23.216.77.22
  • 23.216.77.21
  • 23.216.77.18
  • 23.216.77.25
  • 23.216.77.31
  • 23.216.77.7
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
3348ad210ac86877e023953519cba103a690d82ff9568b7d70a89ce8e19f8de7