URL: http://matangareonmy6bg.onion

Full analysis: https://app.any.run/tasks/e5c39f27-44e2-4ab3-acb9-c51d7387f0fc
Verdict: Malicious activity
Analysis date: November 05, 2023, 03:23:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1: BAED5C28031F7E0FC7BAB3719F60598C0DC1C474
SHA256: 45C4B0A94E1F0DC16B2D0C710A0800993F58725D3CBEFF9AE2CA053EEB29F855
SSDEEP: 3:N1KTZTFi0/:CFR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msdt.exe (PID: 3756)
    • Process uses IPCONFIG to discover network configuration

      • sdiagnhost.exe (PID: 3832)
    • Uses ROUTE.EXE to obtain the routing table information

      • sdiagnhost.exe (PID: 3832)
    • Reads the Internet Settings

      • sdiagnhost.exe (PID: 3832)
    • Reads settings of System Certificates

      • msdt.exe (PID: 3756)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3436)
      • firefox.exe (PID: 3820)
      • firefox.exe (PID: 3616)
    • Reads security settings of Internet Explorer

      • msdt.exe (PID: 3756)
      • sdiagnhost.exe (PID: 3832)
    • Drops the executable file immediately after the start

      • msdt.exe (PID: 3756)
    • Create files in a temporary directory

      • msdt.exe (PID: 3756)
      • makecab.exe (PID: 2064)
      • sdiagnhost.exe (PID: 3832)
    • Creates files or folders in the user directory

      • msdt.exe (PID: 3756)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3548)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3548)
      • firefox.exe (PID: 3616)
    • Checks supported languages

      • wmpnscfg.exe (PID: 3548)
    • Dropped object may contain TOR URL's

      • sdiagnhost.exe (PID: 3832)
      • msdt.exe (PID: 3756)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3548)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 52
Monitored processes: 17
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes shown in the graph: iexplore.exe, iexplore.exe, msdt.exe, sdiagnhost.exe, ipconfig.exe, route.exe, makecab.exe, wmpnscfg.exe, firefox.exe (9 instances)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 316
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.0.1038968943\1872050646" -parentBuildID 20230710165010 -prefsHandle 1104 -prefMapHandle 1096 -prefsLen 28523 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2a2e3c7-0e7b-4faa-b2d2-fc73a8f09669} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 1176 d6a8e50 gpu
Path: C:\Program Files\mozilla firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1584
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.3.1374863448\1856622230" -childID 2 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 34225 -prefMapSize 244195 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {709de788-ce0b-4418-85f1-7d71126b9adb} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 2980 168fd280 tab
Path: C:\Program Files\mozilla firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1860
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.1.505566725\2135399875" -parentBuildID 20230710165010 -prefsHandle 1416 -prefMapHandle 1412 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1fdc99d-d9dd-4ac8-9668-269f6c9598d9} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 1428 d6252c0 socket
Path: C:\Program Files\mozilla firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1984
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.5.2023008890\1213494336" -childID 4 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b633b1-ec32-4e12-aa5a-118bb922237e} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 3888 19418110 tab
Path: C:\Program Files\mozilla firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 2064
CMD: "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
Path: C:\Windows\System32\makecab.exe
Parent process: sdiagnhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft® Cabinet Maker
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\makecab.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2324
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.2.195110047\857900989" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 1972 -prefsLen 28712 -prefMapSize 244195 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d247eb9-78f6-4043-8d82-236c41343591} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 2056 129426d0 tab
Path: C:\Program Files\mozilla firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 2692
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.4.1471734496\14562305" -childID 3 -isForBrowser -prefsHandle 3780 -prefMapHandle 3772 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0eda344-2b8f-475e-b49f-0309175cd965} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 3792 18adb110 tab
Path: C:\Program Files\mozilla firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 3052
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.6.2078952165\853702565" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3728 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0618fdd9-0bfd-410b-aee5-7fe0b716ef46} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 4112 17a33e00 tab
Path: C:\Program Files\mozilla firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 3308
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3436 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3436
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://matangareonmy6bg.onion"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 21 413
Read events: 21 290
Write events: 117
Delete events: 6

Modification events

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (3436) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 2
Suspicious files: 118
Text files: 51
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3756 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_4c09f644-e5a7-4b90-9314-4e41f7a8f2ef\DiagPackage.dll | executable
MD5: 2433E09C08C21455000F7E36D7653759
SHA256: EA9400E719FB15CD82D5DAB4B7D8E3870BB375BBE11BB95B0D957A84FEE2891C

3436 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A | binary
MD5: A26286179281B8F5D3493010715EC495
SHA256: 7AE38B32DFC5BF69F56AAD17B89EEB3A3968C41B49856E62BE7B672D39ABA25D

3436 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\NDF89E5.tmp | binary
MD5: B7B30A2E8324D292BF85A19E78794131
SHA256: F19D02C8C546DA1D3569E0CBA95719D62D01E8579F7B11055B92F78F51FD9C2C

3436 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5: 97E502119B2E8CF8AD7438A6AD08D68B
SHA256: 661A884CD1474FFED3785766CB41C325A0865BC597DC1E568434B0A687E7266D

3436 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico | image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

3436 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A | binary
MD5: CB7ED77CD20C84D4B67F85F354E85E08
SHA256: 0ED2E879FCF4589278B671235A20DF91BE2C86F3EE79D1EACDC0689B64B9289E

3436 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

3436 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed
MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8

3436 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

3756 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_4c09f644-e5a7-4b90-9314-4e41f7a8f2ef\NetworkDiagnosticsResolve.ps1 | text
MD5: A7B957F221C643580184665BE57E6AC8
SHA256: 8582EF50174CB74233F196F193E04C0CCBBEE2AED5CE50964CBB95822C218E7F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 21
TCP/UDP connections: 48
DNS requests: 97
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3436 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7e7be2744cda7b8e | unknown | compressed | 4.66 Kb | unknown
3820 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | text | 90 b | unknown
3436 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?54b3b02e5c946f12 | unknown | compressed | 4.66 Kb | unknown
3436 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 314 b | unknown
3436 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b | unknown
3820 | firefox.exe | POST | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b | unknown
3820 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | text | 8 b | unknown
3820 | firefox.exe | POST | 200 | 184.24.77.54:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
3820 | firefox.exe | POST | 200 | 184.24.77.54:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
3820 | firefox.exe | POST | 200 | 18.245.65.219:80 | http://ocsp.r2m02.amazontrust.com/ | unknown | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2588 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
3436 | iexplore.exe | 23.36.162.68:443 | www.bing.com | Akamai International B.V. | DE | unknown
3436 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
3436 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
3436 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted
3820 | firefox.exe | 142.250.186.74:443 | safebrowsing.googleapis.com | | | whitelisted
3820 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 23.36.162.68, 23.36.162.84 | whitelisted
ctldl.windowsupdate.com | 23.216.77.69, 23.216.77.80 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
matangareonmy6bg.onion | | unknown
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
detectportal.firefox.com | 34.107.221.82 | whitelisted
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82, 2600:1901:0:38d7:: | whitelisted
contile.services.mozilla.com | 34.117.237.239 | whitelisted

Threats

PID | Process | Class | Message
1080 | svchost.exe | Potential Corporate Privacy Violation | AV POLICY DNS Query for .onion Domain Via TOR - Not Google
1080 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR
828 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR
828 | svchost.exe | Potential Corporate Privacy Violation | AV POLICY DNS Query for .onion Domain Via TOR - Not Google
1080 | svchost.exe | Potential Corporate Privacy Violation | AV POLICY DNS Query for .onion Domain Via TOR - Not Google
1080 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR
1080 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR
1080 | svchost.exe | Potential Corporate Privacy Violation | AV POLICY DNS Query for .onion Domain Via TOR - Not Google
No debug info