URL:

92ef3c72dd.smapp.work/trkclk?pid=6385&cid=3288136&p_cid=3292813&ow=1

Full analysis: https://app.any.run/tasks/5c5f4849-5a4b-450f-8759-1dc567781a10
Verdict: Malicious activity
Analysis date: October 31, 2023, 00:45:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1:

7DC5100C329844539A5489ADE348A33770957760

SHA256:

4379F7861C9F6B78A42B45E68DB028EDE2929A4A9EFB262CCCBF066E1C9A952E

SSDEEP:

3:mADkXB0IEleKe8VMBYWQa9QddUeWMGXUn:mACBi5mdQa9gFJGXU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • chrome.exe (PID: 2740)
      • iexplore.exe (PID: 852)

    • The process uses the downloaded file

      • chrome.exe (PID: 3076)
      • chrome.exe (PID: 1036)
      • chrome.exe (PID: 2292)

    • Manual execution by a user

      • chrome.exe (PID: 2740)

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 3832)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
71
Monitored processes
34
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
276"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
604"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4112 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
852"C:\Program Files\Internet Explorer\iexplore.exe" "92ef3c72dd.smapp.work/trkclk?pid=6385&cid=3288136&p_cid=3292813&ow=1"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
948"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
1024"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=988 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1036"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1180"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=296 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
1484"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1660 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1536"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:852 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rpcrt4.dll
1580"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1172,i,17577399748788777801,10269075985620011977,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
25 140
Read events
24 949
Write events
183
Delete events
8

Modification events

(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000056010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
2
Suspicious files
160
Text files
140
Unknown types
0

Dropped files

PID
Process
Filename
Type
1536iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:9F58E05223740D3393F1F7F567B238D3
SHA256:1E1F5C5AE91FFA2DAE7DF9FFE5BDE7939D852781B201E7F3E688D5001B9937F4
1536iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\trkclk[1].htmhtml
MD5:85CF354C369FA011E55A21F130BBBF49
SHA256:54B363D109F35B9EBFC967C907C8AA20846D9D3334DC3B4152080CADA083C0FE
1536iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main[1].jstext
MD5:B4FE2DA83F0FD2EA375D38DD50B7D5CE
SHA256:29C778329E3F8015292955FC490E21C5DE2E910F17E3D38FAACA3193759F5935
1536iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:4018A8D163379839ECE6367BCA843214
SHA256:8B8C28473EAFE6A6AEC5C34CD5FAD7FED325EE7A9CC793BD747FF446E3793170
1536iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_3EE3FFC42F54AA63B06BC4435164B649binary
MD5:26B8625E1E444BDC273922E8F9EF24EB
SHA256:175E08280044C67EACAF675BAAD04F73D08CC013C0A64B3CE3C72D64C50F5DD5
1536iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:F3441B8572AAE8801C04F3060B550443
SHA256:6720349E7D82EE0A8E73920D3C2B7CB2912D9FCF2EDB6FD98F2F12820158B0BF
1536iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_7884D2CC4B4F7ED1B29434B6CAC2C4E8binary
MD5:6F7D4C7BB50F3EE4343396095A125D81
SHA256:6F7B866DD6E0B1E0DE4F11F8D74995CE98CB269A213009170662A56A255222E1
1536iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabB527.tmpcompressed
MD5:F3441B8572AAE8801C04F3060B550443
SHA256:6720349E7D82EE0A8E73920D3C2B7CB2912D9FCF2EDB6FD98F2F12820158B0BF
1536iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarB516.tmpbinary
MD5:9441737383D21192400ECA82FDA910EC
SHA256:BC3A6E84E41FAEB57E7C21AA3B60C2A64777107009727C5B7C0ED8FE658909E5
1536iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarB528.tmpbinary
MD5:9441737383D21192400ECA82FDA910EC
SHA256:BC3A6E84E41FAEB57E7C21AA3B60C2A64777107009727C5B7C0ED8FE658909E5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
95
DNS requests
83
Threats
18

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1536
iexplore.exe
GET
200
35.186.250.143:80
http://92ef3c72dd.smapp.work/trkclk?pid=6385&cid=3288136&p_cid=3292813&ow=1
unknown
html
2.99 Kb
unknown
1536
iexplore.exe
GET
200
172.217.17.99:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEHC%2FszIbQcKICkyGdJIZyRI%3D
unknown
binary
471 b
unknown
1536
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7275d8147b9e6ab0
unknown
compressed
4.66 Kb
unknown
1536
iexplore.exe
GET
200
35.186.250.143:80
http://92ef3c72dd.smapp.work/api/v1/click/confirm.js?data=gAAAAABlQE5LLFDofPiGpKBwc15qtJaxvWTduFO4k2yUjZIxfX08sMdPZOsQnSLNXjM6SE7MTdLuMxQOiAJqrdEJ4Imq5EBNli-TRUeFyJdaQ61u3xcQhRe5nwqy26TssQ6HZi2_8tcPQ6rfW90OEDTqwCIWsXn1V32H7Gjbx_71W2IWxjCVwStCGPWd0CksSALGkkqpU_MyMN8pUUJnsIkmRxzEqFdeNJtctrYJNYy-69xqvNJaqYpBwZLiyEAwXVN-H9LXCKKHMKfRwtuAZopqfoaNZ3sW1sngowm7enivy5tnouprvLgDckx4jHPXY7_94Hd_1rwsHXwptvc6HhxNH-ejkHxcsIrMxHaP3jMaj_SXPE1_c_kYfLkNK1UlFusFTEi8_HVSAjRo48UQ4jeSuEzfBtw6WdSLXB7QLRhqWFr9SkE9HFseuDBBsq0in81aw-6xXz8qO2o0Olpq5xOF9nrI_yYjcYih1bqjybaRgRYVyXdwmd-XskwH6XaxTc_YfkDlWXG15On-1Fm_7DS9PerBHX7TCQN2WMIunawtOyTY-3rr2I5kkp_fpJ3DHBbWbONCcJNUoJsxSMIRtXhR7t5LyLg3aRcStUH5CYhPnVHWrXnIIuwd7M4NE6_B7HWwxsfKNBxBoo6fuZYVOKfK4P0IfjJnIVZoc_r8kb6oXGGvAe61XlKeQccMeOOCTbCVkpjWgPjybd9VZMNdUOpjdcJIMkm4gBzBaj81vNSeEf3nF-jC5cktMyOaA2W0-st4QSWkszpH0q9Kp3aRsft1GU7ybnpROfteHPTx8Q1JQb_w9mJMT-PlfwYvaCUUaZJt6B0FGE6sH3dWf7XUKXG2OyXO857AqZhJSkbzU-0XRWIyLh9tZv0s7gntmjsISuRaCK8-ICyBNmhoPIFZXrmIT1JTqHIvxx2XKKmFlTRI3k1VJ4KGx-FWfcPQgqiA9JZM45fnjqR8dTARExU8sEJ9ZKQ0PCdZYsDr1JQZJAk3A9nNR65ygQZ8D_CQYiLxqfw3RtQTo6vu8JsKxKgz3ChpFQGE7bET-ZSCn20u3Tke05TIUkte1Aor0k1ZgZ0OALAy8YM03tqYDkKmv2PLtQ64BQzQq2Hui6-HdFAV-Y2tU942yzFNCfMWgu1YadwKXM7oG-63360UrOJXkjIhFgbRjqT-j8Az7Yc58giySL7c6f2tOR5yytLRoGWSnZ7H-pNpuyvmuUHj0q43xJoDcsYwdIanyuFv-3Ap4Sy0fqsZvnWTvejX3aw2TBKAbhlqiusn-jbOTRGV67-eqdaf3wDWyWeDjxNWLrL-N6IUHje-FYe_EZN4C0c6Gm_ABYri07s3Co4-PeE2pIzByg3s9siWiEPOE61a1rcUyp-OIMT_45jp1ypeKMsmdTPNk_7USgW9kv2qvRYMuk-6RJSUcbMZXKGZTkZLwwCMYJMpRYrHnmPA_GU712Skmgwx0rqjzqt7bWZX8XNSMRlyJ68t8MxQj7BPSURCGd7GVIsJyJx8UwsL79xVBa6FWRf-5J6-qbQ3lCjKT3dKxHyrTRYkR710tgHNRd35A4Ux_JFwEfFn4ps3OxMAkWmt9SagW5iOyJchpXazFwDUEPyUXPFcNbPEGepg5siyECBYGo1guIRwHZ2SUpQiypCp56BFas_0rAHmw-OFNB9Ev-8y5WkTiRaW3fbGRGx_IKO3_0qIdlcUXpuyqRT6HXMftv68xK0excgvFPOB_nz3xOEGINb3ZxCJnCtxXpzMwmgqy-9oviqSYata3pkaQZiUJVxNCOETjiYqSodwS4pp42xNbFEtUjUQiWI6GHoho9Hnz_N8fjn7OodFfsPBiZbn8pFMua5ybo_XQDsKqloqRYf8oPnmAVuSNLzEPLLJlkRq4Br5m1IeydaQ7daWQMp_GWdgntcemtimXdlD5U3C2hwE9C4Sy7bud9Bqo1zuDkTG9Rq9Oyk0qYyujWC6M3p-M1o4gS4FwvQm5c4ULPgNFNkHDfO4qkpznSDOMt9IGVM2c2F7pTzht-6aluaCqR4XJvOySyW_FSBTOpeCXR8bng7IHPAmKDI9ICqhUvLgxlMdFAdoUaZB2u0u9vuzB8X8tZRC1j-k_8dmegvf2whpuSTYqKEbTK5JaPElJ2jMcL9HmtbKujAC9AvEpR-YvriDsxbd85dWPtLIZ6UXtfQ1lzy6wMNsJ2KO1qgmsG5-am37iQe1JOD8GEUA_hR4fugyaQUydcwEnCQuJBBQgDk82LHZ75GsOPHX_tX6sG0rfJnLFVuKEYpbJzG-WhzjhGFenELWrG-hzqolq0C88VeZ9s6JqaGEh-TQj6Xm691CbFiv3-V0G5pbNOV-bCiTmRia_oHVs0S1WhZOBUNgL85leu9wulNdcJ088MpQxxiJIXd_duw3Gvu-sHY6u9bj2kbyCsfZGSDO-JHNynb2drZCTdvloGs8jSZdjBYdc8k5DrHQU63vTb_whxkdcffgfdY%3D
unknown
compressed
2.99 Kb
unknown
1536
iexplore.exe
GET
200
172.217.17.99:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
1536
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c0b0cfbec41be01e
unknown
compressed
4.66 Kb
unknown
1536
iexplore.exe
GET
200
172.217.17.99:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
1536
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?dc516db73da38a37
unknown
compressed
61.6 Kb
unknown
1536
iexplore.exe
GET
200
172.217.17.99:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCED0DQO7sPXWsCXu6cFHQzsU%3D
unknown
binary
471 b
unknown
1536
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?dd6b463993b32d06
unknown
compressed
61.6 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
1536
iexplore.exe
35.186.250.143:80
92ef3c72dd.smapp.work
GOOGLE
US
unknown
1536
iexplore.exe
216.58.214.155:443
storage.googleapis.com
GOOGLE
US
unknown
1536
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
1536
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1536
iexplore.exe
172.217.17.99:80
ocsp.pki.goog
GOOGLE
US
whitelisted
1536
iexplore.exe
216.239.32.178:443
www.google-analytics.com
GOOGLE
US
unknown
4
System
192.168.100.255:137
whitelisted
1536
iexplore.exe
198.27.74.89:443
fizzylabs.afftrack.com
OVH SAS
CA
unknown

DNS requests

Domain
IP
Reputation
92ef3c72dd.smapp.work
  • 35.186.250.143
unknown
storage.googleapis.com
  • 216.58.214.155
  • 142.250.184.155
  • 142.250.187.123
  • 142.250.187.155
  • 142.250.187.187
  • 172.217.17.123
  • 172.217.17.155
  • 172.217.20.91
  • 216.58.212.27
  • 216.58.212.59
  • 216.58.213.123
  • 142.251.140.27
  • 142.251.140.59
  • 142.251.140.91
  • 142.251.141.59
  • 172.217.169.123
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
  • 93.184.221.240
whitelisted
ocsp.pki.goog
  • 172.217.17.99
whitelisted
www.google-analytics.com
  • 216.239.32.178
  • 216.239.34.178
  • 216.239.38.178
  • 216.239.36.178
whitelisted
fizzylabs.afftrack.com
  • 198.27.74.89
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.affiliatesleague.com
  • 35.234.82.254
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 23.36.162.84
  • 23.36.162.68
  • 204.79.197.200
  • 13.107.21.200
whitelisted

Threats

PID
Process
Class
Message
1088
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .work TLD
1536
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.work Domain
1536
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.work Domain
1536
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.work Domain
852
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.work Domain
3152
chrome.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .work TLD
3152
chrome.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .work TLD
3152
chrome.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.work Domain
3152
chrome.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.work Domain
3152
chrome.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .work TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
92ef3c72dd.smapp.work/trkclk?pid=6385&cid=3288136&p_cid=3292813&ow=1