URL: https://sourceforge.net/projects/loic/
Full analysis: https://app.any.run/tasks/7a43a08f-b57a-4e01-ade0-b70013006fe2
Verdict: Malicious activity
Analysis date: January 24, 2022, 20:20:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: CD7422EA5DFB19C873DBA2D7C665624C
SHA1: A4C4190835C5CD55800A757BF59514073FC81684
SHA256: 421BE020BA9D3D9FBBFA97F97F804BCDCCB5A8F55D37A82F3990AA2F996ABF53
SSDEEP: 3:N8HCGSuLAuUtaK:2iGnCtaK
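The indicator block above is only useful if you can check something against it reliably. The script below is an added example (not ANY.RUN's code): it parses the report's Indicators block as the page shows it, computes the same exact-match digests for a local artifact, and compares them per algorithm. The sample bytes in main() are constructed; ssdeep comparison is left out because it needs a third-party library.

```python
"""Check a local artifact against the hash indicators the report lists.

Added example, not ANY.RUN's code. INDICATORS_TEXT is the report's
Indicators block as the page shows it; the sample bytes in main() are
constructed. ssdeep (fuzzy-hash) comparison needs a third-party library
and is left out; only the exact-match digests are handled.
"""
import hashlib
import re

INDICATORS_TEXT = """\
MD5:

CD7422EA5DFB19C873DBA2D7C665624C

SHA1:

A4C4190835C5CD55800A757BF59514073FC81684

SHA256:

421BE020BA9D3D9FBBFA97F97F804BCDCCB5A8F55D37A82F3990AA2F996ABF53

SSDEEP:

3:N8HCGSuLAuUtaK:2iGnCtaK
"""

# Exact-match digests and their hex length; ssdeep is kept as plain text.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# A label line, with or without the value on the same line.
_LABEL = re.compile(r"^(MD5|SHA1|SHA256|SSDEEP):\s*(.*)$", re.IGNORECASE)


def parse_indicators(text):
    """Parse the Indicators block into {'md5': ..., 'sha1': ..., ...}.

    Handles both 'MD5: <value>' on one line and the page layout where the
    value sits on a later non-blank line. Hex digests are lowercased and
    length-checked, so a truncated or mis-copied indicator raises instead
    of silently never matching anything.
    """
    out, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending:  # this line is the value for the previous label
            out[pending] = line
            pending = None
            continue
        m = _LABEL.match(line)
        if m:
            label, value = m.group(1).lower(), m.group(2).strip()
            if value:
                out[label] = value
            else:
                pending = label
    for name, n in HEX_LEN.items():
        if name in out:
            out[name] = out[name].lower()
            if not re.fullmatch(rf"[0-9a-f]{{{n}}}", out[name]):
                raise ValueError(f"{name} indicator is not {n} hex digits: {out[name]!r}")
    return out


def hash_bytes(data):
    """Exact-match digests for an in-memory artifact."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, streamed so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, indicators):
    """Compare computed digests with the report's, per algorithm.

    Returns {algo: True/False} for every algorithm present in both inputs.
    A mixed result (one algorithm matches, another does not) means one side
    is wrong or was copied incorrectly; it is never a partial match.
    """
    return {name: digests[name] == indicators[name]
            for name in HEX_LEN if name in digests and name in indicators}


def main():
    iocs = parse_indicators(INDICATORS_TEXT)
    sample = b"constructed sample bytes, not the submitted object"  # constructed input
    print(match_iocs(hash_bytes(sample), iocs))


if __name__ == "__main__":
    main()
```

Note which object the indicators describe: this task was submitted as a URL, so the digests above belong to the submitted object, while the files written during the run (including the executables dropped by chrome.exe and WinRAR.exe) have their own MD5/SHA256 values in the Dropped files table further down. Compare each artifact against the right block.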

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • chrome.exe (PID: 3844)
    • Application was dropped or rewritten from another process

      • LOIC.exe (PID: 3212)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2504)
      • LOIC.exe (PID: 3212)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 804)
    • Drops a file that was compiled in debug mode

      • chrome.exe (PID: 3844)
      • WinRAR.exe (PID: 344)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3844)
      • WinRAR.exe (PID: 344)
    • Reads the computer name

      • LOIC.exe (PID: 3212)
      • WinRAR.exe (PID: 344)
    • Checks supported languages

      • LOIC.exe (PID: 3212)
      • WinRAR.exe (PID: 344)
    • Creates files in the user directory

      • LOIC.exe (PID: 3212)
    • Reads internet explorer settings

      • LOIC.exe (PID: 3212)
    • Reads CPU info

      • LOIC.exe (PID: 3212)
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2504)
      • iexplore.exe (PID: 3004)
      • chrome.exe (PID: 672)
      • LOIC.exe (PID: 3212)
    • Checks supported languages

      • iexplore.exe (PID: 3004)
      • iexplore.exe (PID: 2504)
      • chrome.exe (PID: 672)
      • chrome.exe (PID: 3656)
      • chrome.exe (PID: 2516)
      • chrome.exe (PID: 804)
      • chrome.exe (PID: 2288)
      • chrome.exe (PID: 3352)
      • chrome.exe (PID: 2080)
      • chrome.exe (PID: 2880)
      • chrome.exe (PID: 628)
      • chrome.exe (PID: 976)
      • chrome.exe (PID: 3156)
      • chrome.exe (PID: 3384)
      • chrome.exe (PID: 3912)
      • chrome.exe (PID: 2740)
      • chrome.exe (PID: 2572)
      • chrome.exe (PID: 1372)
      • chrome.exe (PID: 3700)
      • chrome.exe (PID: 3816)
      • chrome.exe (PID: 3032)
      • chrome.exe (PID: 4052)
      • chrome.exe (PID: 3936)
      • chrome.exe (PID: 3352)
      • chrome.exe (PID: 3652)
      • chrome.exe (PID: 3364)
      • chrome.exe (PID: 3872)
      • chrome.exe (PID: 3844)
      • chrome.exe (PID: 3968)
      • chrome.exe (PID: 2572)
      • chrome.exe (PID: 3280)
      • chrome.exe (PID: 612)
      • chrome.exe (PID: 1544)
      • chrome.exe (PID: 1852)
      • chrome.exe (PID: 3888)
      • chrome.exe (PID: 4004)
      • chrome.exe (PID: 2608)
      • chrome.exe (PID: 3892)
      • chrome.exe (PID: 3480)
      • chrome.exe (PID: 2188)
      • chrome.exe (PID: 3596)
    • Reads the computer name

      • iexplore.exe (PID: 2504)
      • iexplore.exe (PID: 3004)
      • chrome.exe (PID: 804)
      • chrome.exe (PID: 2516)
      • chrome.exe (PID: 672)
      • chrome.exe (PID: 976)
      • chrome.exe (PID: 2572)
      • chrome.exe (PID: 3032)
      • chrome.exe (PID: 3364)
      • chrome.exe (PID: 3872)
      • chrome.exe (PID: 3652)
      • chrome.exe (PID: 3968)
      • chrome.exe (PID: 2572)
      • chrome.exe (PID: 3280)
    • Changes internet zones settings

      • iexplore.exe (PID: 3004)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2504)
      • iexplore.exe (PID: 3004)
      • LOIC.exe (PID: 3212)
    • Application launched itself

      • iexplore.exe (PID: 3004)
      • chrome.exe (PID: 804)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 3004)
      • chrome.exe (PID: 3364)
    • Manual execution by user

      • chrome.exe (PID: 804)
      • WinRAR.exe (PID: 344)
    • Reads the hosts file

      • chrome.exe (PID: 804)
      • chrome.exe (PID: 672)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 82
Monitored processes: 43
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive in the full report; edge types are "start" and "drop and start"). Processes shown: iexplore.exe (two instances), chrome.exe with its child processes (most marked "no specs"), winrar.exe, loic.exe.

Process information

PID: 3004
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://sourceforge.net/projects/loic/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID: 2504
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3004 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID: 804
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
PID: 3656
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x71abd988,0x71abd998,0x71abd9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 2516
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,11649160545672780859,8257128829790975961,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
PID: 672
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1048,11649160545672780859,8257128829790975961,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1316 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 2080
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11649160545672780859,8257128829790975961,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 3384
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11649160545672780859,8257128829790975961,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 2288
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,11649160545672780859,8257128829790975961,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
PID: 3352
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1048,11649160545672780859,8257128829790975961,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
Total events: 35 765
Read events: 35 397
Write events: 357
Delete events: 11

Modification events

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30937439

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30937439

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3004) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 2
Suspicious files: 238
Text files: 188
Unknown types: 27

Dropped files

PID 2504 iexplore.exe: C:\Users\admin\AppData\Local\Temp\Low\TarF764.tmp (type: cat)
MD5: D99661D0893A52A0700B8AE68457351A
SHA256: BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003

PID 3004 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 (type: binary)
MD5: 79BB5EED4566D952B9A24EB5AF1DCA83
SHA256: DDF071D60952BA5F24C989D591F96924BD02A07C7A0697CF72C1317801DCE608

PID 2504 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 (type: der)
MD5: 54E9306F95F32E50CCD58AF19753D929
SHA256: 45F94DCEB18A8F738A26DA09CE4558995A4FE02B971882E8116FC9B59813BB72

PID 2504 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (type: binary)
MD5: BA09FC92547E2B72D56EC3B9A8C58EE6
SHA256: 4234E09C4D0ED7B4AA8DB87D276B9ADB439531F221D55562C70B13A63EB594BD

PID 3004 iexplore.exe: C:\Users\admin\AppData\Local\Temp\~DFA36D044DF054C8E8.TMP (type: gmc)
MD5: B9908FF405F0BF1B4FDF2C216750D9AE
SHA256: 281E9B6A334F60A4717CF74F49AEC455E0DD16B9A5A4DCF70E26ADAEBDDA09C5

PID 2504 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 (type: compressed)
MD5: ACAEDA60C79C6BCAC925EEB3653F45E0
SHA256: 6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658

PID 804 chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61EF0A20-324.pma
MD5:
SHA256:

PID 3004 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 (type: der)
MD5: FC990EAA7247546FB67C18916A4CAC9B
SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993

PID 3004 iexplore.exe: C:\Users\admin\AppData\Local\Temp\~DFD585CAA2A1C9C644.TMP (type: gmc)
MD5: 7FF9F8D165E7DD96A47D03FDCAF135D6
SHA256: 9E59BABA81AE0B2D905AFE2EF60C014C16961A45A17C4674922E3FDB9145686C

PID 3004 iexplore.exe: C:\Users\admin\AppData\Local\Temp\~DFE97332270BF6A59C.TMP (type: gmc)
MD5: 2CD181A6882D162A01BDE7FFA2274B8F
SHA256: A8F3EE380D9797375EF352422D5CBD02F40D0AC54A64F0105615655A165E3400
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 630
TCP/UDP connections: 775
DNS requests: 82
Threats: 0

HTTP requests

PID Process | Method HTTP code | IP | CN | Type, Size | Reputation (URL on the following line)

PID 924 svchost.exe | HEAD 200 | 74.125.104.199:80 | CN: US | Reputation: whitelisted
  URL: http://r2---sn-ixh7rn76.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=196.244.192.6&mm=28&mn=sn-ixh7rn76&ms=nvh&mt=1643055288&mv=u&mvi=2&pl=27&rmhost=r3---sn-ixh7rn76.gvt1.com&shardbypass=yes

PID 2504 iexplore.exe | GET | 95.101.89.75:80 | CN: unknown | Reputation: shared
  URL: http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSn0Mf8DzQngoxfy%2FjJ1O1OiA%3D%3D

PID 672 chrome.exe | GET 302 | 142.250.186.142:80 | CN: US | Type: html, 556 b | Reputation: whitelisted
  URL: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

PID 3004 iexplore.exe | GET 200 | 93.184.220.29:80 | CN: US | Type: der, 1.47 Kb | Reputation: whitelisted
  URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D

PID 672 chrome.exe | GET 200 | 74.125.104.201:80 | CN: US | Type: crx, 242 Kb | Reputation: whitelisted
  URL: http://r4---sn-ixh7rn76.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=196.244.192.6&mm=28&mn=sn-ixh7rn76&ms=nvh&mt=1643055288&mv=u&mvi=4&pl=27&rmhost=r3---sn-ixh7rn76.gvt1.com&shardbypass=yes

PID 2504 iexplore.exe | GET 200 | 92.123.194.108:80 | CN: unknown | Type: compressed, 59.9 Kb | Reputation: whitelisted
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?5b810eac8f0d199b

PID 924 svchost.exe | HEAD 302 | 142.250.186.142:80 | CN: US | Reputation: whitelisted
  URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3

PID 924 svchost.exe | GET 206 | 74.125.104.199:80 | CN: US | Type: binary, 5.63 Kb | Reputation: whitelisted
  URL: http://r2---sn-ixh7rn76.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=196.244.192.6&mm=28&mn=sn-ixh7rn76&ms=nvh&mt=1643055288&mv=u&mvi=2&pl=27&rmhost=r3---sn-ixh7rn76.gvt1.com&shardbypass=yes

PID 2504 iexplore.exe | GET 200 | 104.89.32.83:80 | CN: NL | Type: der, 717 b | Reputation: whitelisted
  URL: http://x1.c.lencr.org/

PID 924 svchost.exe | GET 302 | 142.250.186.142:80 | CN: US | Type: html, 577 b | Reputation: whitelisted
  URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3

Connections

PID Process | IP | Domain | ASN | CN | Reputation

PID 2504 iexplore.exe | 104.89.32.83:80 | x1.c.lencr.org | ASN: Akamai Technologies, Inc. | CN: NL | Reputation: suspicious
PID 3004 iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | ASN: MCI Communications Services, Inc. d/b/a Verizon Business | CN: US | Reputation: whitelisted
PID 3004 iexplore.exe | 13.107.21.200:443 | www.bing.com | ASN: Microsoft Corporation | CN: US | Reputation: whitelisted
PID 2504 iexplore.exe | 204.68.111.105:443 | sourceforge.net | ASN: American Internet Services, LLC. | CN: US | Reputation: suspicious
PID 2504 iexplore.exe | 8.248.119.254:80 | ctldl.windowsupdate.com | ASN: Level 3 Communications, Inc. | CN: US | Reputation: suspicious
PID 2504 iexplore.exe | 92.123.194.108:80 | ctldl.windowsupdate.com | ASN: Akamai International B.V. | Reputation: suspicious
PID 672 chrome.exe | 142.250.186.109:443 | accounts.google.com | ASN: Google Inc. | CN: US | Reputation: whitelisted
PID 672 chrome.exe | 142.250.185.78:443 | clients2.google.com | ASN: Google Inc. | CN: US | Reputation: whitelisted
PID 672 chrome.exe | 142.250.185.68:443 | www.google.com | ASN: Google Inc. | CN: US | Reputation: whitelisted
PID 672 chrome.exe | 142.250.185.202:443 | fonts.googleapis.com | ASN: Google Inc. | CN: US | Reputation: whitelisted

DNS requests

Domain | IP(s) | Reputation

sourceforge.net | 204.68.111.105 | whitelisted
ctldl.windowsupdate.com | 92.123.194.108, 92.123.194.121, 8.248.119.254, 8.253.207.120, 8.248.137.254, 67.26.139.254, 67.27.157.126 | whitelisted
api.bing.com | 13.107.13.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200, 13.107.22.200, 131.253.33.200 | whitelisted
x1.c.lencr.org | 104.89.32.83 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
r3.o.lencr.org | 95.101.89.75, 95.101.89.25, 95.101.89.24, 95.101.89.49 | shared
clientservices.googleapis.com | 216.58.212.131 | whitelisted
clients2.google.com | 142.250.185.78 | whitelisted
accounts.google.com | 142.250.186.109 | shared

Threats

PID | Process | Class | Message

3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA HTTP Request line incomplete
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA HTTP Request line incomplete
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA HTTP Request line incomplete
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA HTTP Request line incomplete
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA HTTP Request line incomplete
3212 | LOIC.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction
5 ETPRO signatures available at the full report
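The Connections and Threats tables are where the network side of this run is decided, and both are long lists of near-identical rows. The script below is an added example (not ANY.RUN's code) that turns the report's own tables into per-process summaries: which process raised which Suricata alert and how often, and which remote endpoints carry a non-whitelisted reputation. The two text blocks are copied from the report as the page extracts them, one table cell per line with a row starting at the PID, and only the first rows of each table are included. The CN column is optional in the Connections table, so rows are 6 or 7 cells long and must be split on the PID cell rather than at a fixed stride.

```python
"""Summarize the report's Connections and Threats tables per process.

Added example; this is not ANY.RUN's code. The two text blocks below are
copied from the report as the page extracts them (one table cell per line,
each row starting with the PID); only the first rows of each table are
included here. CN is optional in the Connections table, so rows have 6 or
7 cells and are split on the PID cell, not at a fixed stride.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed from the report's Connections table (first rows).
CONNECTIONS_TEXT = """\
2504
iexplore.exe
104.89.32.83:80
x1.c.lencr.org
Akamai Technologies, Inc.
NL
suspicious
3004
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2504
iexplore.exe
204.68.111.105:443
sourceforge.net
American Internet Services, LLC.
US
suspicious
2504
iexplore.exe
92.123.194.108:80
ctldl.windowsupdate.com
Akamai International B.V.
suspicious
672
chrome.exe
142.250.186.109:443
accounts.google.com
Google Inc.
US
whitelisted
"""

# Constructed from the report's Threats table (first rows).
THREATS_TEXT = """\
3212
LOIC.exe
Generic Protocol Command Decode
SURICATA HTTP Request line incomplete
3212
LOIC.exe
Generic Protocol Command Decode
SURICATA Applayer Detect protocol only one direction
3212
LOIC.exe
Generic Protocol Command Decode
SURICATA HTTP Request line incomplete
"""


@dataclass(frozen=True)
class Connection:
    pid: int
    process: str
    endpoint: str   # ip:port
    domain: str
    asn: str
    country: str    # "" when the report leaves CN blank
    reputation: str


@dataclass(frozen=True)
class Threat:
    pid: int
    process: str
    alert_class: str
    message: str


def split_rows(text):
    """Group one-cell-per-line text into rows; a row begins at a bare integer (the PID cell)."""
    rows, current = [], None
    for raw in text.splitlines():
        cell = raw.strip()
        if not cell:
            continue
        if cell.isdigit():
            if current:
                rows.append(current)
            current = [cell]
        elif current is not None:
            current.append(cell)
    if current:
        rows.append(current)
    return rows


def parse_connections(text):
    conns = []
    for row in split_rows(text):
        if len(row) not in (6, 7):
            raise ValueError(f"connection row has {len(row)} cells: {row}")
        pid, process, endpoint, domain, asn = row[:5]
        country = row[5] if len(row) == 7 else ""   # CN is the optional cell
        conns.append(Connection(int(pid), process, endpoint, domain, asn, country, row[-1]))
    return conns


def parse_threats(text):
    threats = []
    for row in split_rows(text):
        if len(row) != 4:
            raise ValueError(f"threat row has {len(row)} cells: {row}")
        threats.append(Threat(int(row[0]), row[1], row[2], row[3]))
    return threats


def alert_counts(threats):
    """Collapse repeated alerts: {(pid, process): Counter({message: n})}."""
    counts = defaultdict(Counter)
    for t in threats:
        counts[(t.pid, t.process)][t.message] += 1
    return dict(counts)


def flagged_connections(conns, ignore=("whitelisted",)):
    """Connections whose reputation is not in `ignore`, grouped by process name."""
    flagged = defaultdict(list)
    for c in conns:
        if c.reputation not in ignore:
            flagged[c.process].append(f"{c.domain} ({c.endpoint}) [{c.reputation}]")
    return dict(flagged)


if __name__ == "__main__":
    for key, msgs in alert_counts(parse_threats(THREATS_TEXT)).items():
        print(key, dict(msgs))
    for proc, endpoints in flagged_connections(parse_connections(CONNECTIONS_TEXT)).items():
        print(proc, endpoints)
```

Two caveats when reading the output. The Suricata rows are all in the "Generic Protocol Command Decode" class, which reports protocol anomalies in traffic from LOIC.exe rather than a signature match on a known threat; the count per process and message is what matters for triage, not the individual rows. The "suspicious" reputation is assigned per IP endpoint, and on this page it disagrees with the DNS table for the same names: ctldl.windowsupdate.com and sourceforge.net are "suspicious" in Connections but "whitelisted" under DNS requests. Treat the label as a prompt to look at the endpoint, not as a verdict.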
No debug info