URL:

https://github.com/Batlez/CloakBox/releases/download/4/CloakBox.zip

Full analysis: https://app.any.run/tasks/eef0cd1b-1e18-4625-aff9-b596ccbd8d45
Verdict: Malicious activity
Analysis date: February 07, 2026, 16:47:06
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
github
antivm
anti-evasion
advancedinstaller
susp-powershell
Indicators:
MD5:

A89182009A49D19A5839F925EAC86CE0

SHA1:

F95C29BCAF0BA2ABF52A2FFDF73613B64F9E989A

SHA256:

555EA69384E07CDF9E84A5D47CADBE55D23B59DC8179E18EA8EE1B59202103DA

SSDEEP:

3:N8tEdUyeEIGKXhrkCReEOnGLkV:2uyyeEIGMhrGEOnGLkV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes settings of System certificates

      • CloakBox.exe (PID: 8448)

    • Reads a specific registry key of the VM

      • msiexec.exe (PID: 5920)
      • VirtualBox.exe (PID: 1872)
      • VBoxSVC.exe (PID: 6216)
      • VBoxSDS.exe (PID: 4372)
      • VirtualBox.exe (PID: 936)
      • VBoxSVC.exe (PID: 7256)
      • VBoxSDS.exe (PID: 4616)

    • Executing a file with an untrusted certificate

      • AntiOS 3.4.5.exe (PID: 6796)
      • AntiOS 3.4.5.exe (PID: 664)
      • GPU Spoofer.exe (PID: 8448)
      • GPU Spoofer.exe (PID: 5224)

  • SUSPICIOUS

    • Adds/modifies Windows certificates

      • CloakBox.exe (PID: 8448)

    • Reads the Windows owner or organization settings

      • CloakBox.exe (PID: 8448)
      • AntiOS 3.4.5.exe (PID: 664)

    • Application launched itself

      • msiexec.exe (PID: 5528)

    • Executable content was dropped or overwritten

      • CloakBox.exe (PID: 8448)
      • AntiOS 3.4.5.exe (PID: 664)
      • GPU Spoofer.exe (PID: 5224)

    • Executes as Windows Service

      • VSSVC.exe (PID: 5548)
      • VBoxSDS.exe (PID: 4372)
      • VBoxSDS.exe (PID: 4616)

    • There is functionality for communication over UDP network (YARA)

      • CloakBox.exe (PID: 8448)
      • VirtualBox.exe (PID: 1872)
      • VBoxSVC.exe (PID: 6216)

    • There is functionality for VM detection VirtualBox (YARA)

      • CloakBox.exe (PID: 8448)
      • VirtualBox.exe (PID: 1872)
      • VBoxSVC.exe (PID: 6216)

    • Drops a system driver (possible attempt to evade defenses)

      • drvinst.exe (PID: 8668)
      • drvinst.exe (PID: 8792)
      • msiexec.exe (PID: 5920)
      • msiexec.exe (PID: 5528)
      • drvinst.exe (PID: 8904)
      • drvinst.exe (PID: 476)

    • Creates files in the driver directory

      • msiexec.exe (PID: 5920)

    • The process checks if it is being run in the virtual environment

      • msiexec.exe (PID: 5920)

    • There is functionality for VM detection antiVM strings (YARA)

      • VirtualBox.exe (PID: 1872)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 4188)
      • powershell.exe (PID: 1556)
      • powershell.exe (PID: 756)

    • ADVANCEDINSTALLER mutex has been found

      • AntiOS 3.4.5.exe (PID: 664)

    • Process drops legitimate windows executable

      • AntiOS 3.4.5.exe (PID: 664)

    • The process creates files with name similar to system file names

      • GPU Spoofer.exe (PID: 5224)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • GPU Spoofer.exe (PID: 5224)

    • Reads Internet Explorer settings

      • AntiOS 3.4.5.exe (PID: 664)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 2572)

    • Reads Environment values

      • identity_helper.exe (PID: 5044)
      • AntiOS 3.4.5.exe (PID: 664)
      • msiexec.exe (PID: 8048)

    • Manual execution by a user

      • WinRAR.exe (PID: 3440)
      • CloakBox.exe (PID: 8448)
      • VirtualBox.exe (PID: 936)
      • AntiOS 3.4.5.exe (PID: 6796)
      • powershell.exe (PID: 4188)
      • powershell.exe (PID: 1556)
      • powershell.exe (PID: 756)
      • GPU Spoofer.exe (PID: 8448)
      • AntiOS 3.4.5.exe (PID: 664)
      • GPU Spoofer.exe (PID: 5224)
      • notepad.exe (PID: 6068)

    • Drops script file

      • WinRAR.exe (PID: 3440)
      • msedge.exe (PID: 5484)
      • CloakBox.exe (PID: 8448)
      • msiexec.exe (PID: 5528)
      • powershell.exe (PID: 756)
      • powershell.exe (PID: 4188)
      • powershell.exe (PID: 1556)
      • AntiOS 3.4.5.exe (PID: 664)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3440)
      • msiexec.exe (PID: 5920)
      • msiexec.exe (PID: 5528)

    • Checks supported languages

      • identity_helper.exe (PID: 5044)
      • CloakBox.exe (PID: 8448)
      • msiexec.exe (PID: 5528)
      • msiexec.exe (PID: 8700)
      • msiexec.exe (PID: 1656)
      • drvinst.exe (PID: 8668)
      • drvinst.exe (PID: 8792)
      • msiexec.exe (PID: 9188)
      • msiexec.exe (PID: 5920)
      • drvinst.exe (PID: 476)
      • VirtualBox.exe (PID: 1872)
      • VBoxSVC.exe (PID: 6216)
      • drvinst.exe (PID: 8904)
      • VBoxSDS.exe (PID: 4372)
      • VirtualBox.exe (PID: 936)
      • VBoxSVC.exe (PID: 7256)
      • VBoxSDS.exe (PID: 4616)
      • AntiOS 3.4.5.exe (PID: 664)
      • GPU Spoofer.exe (PID: 5224)
      • msiexec.exe (PID: 8048)

    • Reads the computer name

      • identity_helper.exe (PID: 5044)
      • CloakBox.exe (PID: 8448)
      • msiexec.exe (PID: 5528)
      • msiexec.exe (PID: 8700)
      • msiexec.exe (PID: 1656)
      • msiexec.exe (PID: 5920)
      • drvinst.exe (PID: 8668)
      • drvinst.exe (PID: 8792)
      • msiexec.exe (PID: 9188)
      • drvinst.exe (PID: 8904)
      • drvinst.exe (PID: 476)
      • VirtualBox.exe (PID: 1872)
      • VBoxSDS.exe (PID: 4372)
      • VBoxSVC.exe (PID: 6216)
      • VirtualBox.exe (PID: 936)
      • VBoxSVC.exe (PID: 7256)
      • VBoxSDS.exe (PID: 4616)
      • AntiOS 3.4.5.exe (PID: 664)
      • GPU Spoofer.exe (PID: 5224)
      • msiexec.exe (PID: 8048)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 3440)
      • CloakBox.exe (PID: 8448)
      • msiexec.exe (PID: 5528)
      • msiexec.exe (PID: 5920)
      • drvinst.exe (PID: 8668)
      • drvinst.exe (PID: 8792)
      • drvinst.exe (PID: 476)
      • drvinst.exe (PID: 8904)
      • AntiOS 3.4.5.exe (PID: 664)

    • Create files in a temporary directory

      • CloakBox.exe (PID: 8448)
      • msiexec.exe (PID: 5920)
      • AntiOS 3.4.5.exe (PID: 664)
      • GPU Spoofer.exe (PID: 5224)

    • Reads security settings of Internet Explorer

      • CloakBox.exe (PID: 8448)
      • VirtualBox.exe (PID: 1872)
      • VBoxSVC.exe (PID: 6216)
      • VirtualBox.exe (PID: 936)
      • VBoxSVC.exe (PID: 7256)
      • AntiOS 3.4.5.exe (PID: 664)
      • notepad.exe (PID: 6068)

    • Reads the machine GUID from the registry

      • CloakBox.exe (PID: 8448)
      • drvinst.exe (PID: 8668)
      • drvinst.exe (PID: 8904)
      • drvinst.exe (PID: 476)
      • VirtualBox.exe (PID: 1872)
      • VBoxSVC.exe (PID: 6216)
      • VirtualBox.exe (PID: 936)
      • VBoxSVC.exe (PID: 7256)
      • AntiOS 3.4.5.exe (PID: 664)

    • Checks proxy server information

      • CloakBox.exe (PID: 8448)
      • slui.exe (PID: 7788)
      • VirtualBox.exe (PID: 1872)
      • VirtualBox.exe (PID: 936)

    • Creates files or folders in the user directory

      • CloakBox.exe (PID: 8448)
      • AntiOS 3.4.5.exe (PID: 664)

    • Manages system restore points

      • SrTasks.exe (PID: 3552)

    • Creates or modifies Windows services

      • msiexec.exe (PID: 5920)

    • Found Base64 encoded access to Marshal class via PowerShell (YARA)

      • VirtualBox.exe (PID: 1872)

    • Found Base64 encoded reflection usage via PowerShell (YARA)

      • VirtualBox.exe (PID: 1872)

    • There is functionality for taking screenshot (YARA)

      • VirtualBox.exe (PID: 1872)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 4188)
      • powershell.exe (PID: 1556)
      • powershell.exe (PID: 756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
220
Monitored processes
51
Malicious processes
4
Suspicious processes
7

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe cloakbox.exe slui.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs msiexec.exe drvinst.exe no specs drvinst.exe no specs msiexec.exe no specs drvinst.exe no specs drvinst.exe no specs virtualbox.exe vboxsvc.exe no specs vboxsds.exe no specs virtualbox.exe vboxsvc.exe no specs vboxsds.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs antios 3.4.5.exe no specs antios 3.4.5.exe gpu spoofer.exe no specs msiexec.exe no specs gpu spoofer.exe notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
476DrvInst.exe "4" "1" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "414293377" "0000000000000218" "WinSta0\Default" "0000000000000200" "208" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netadp6"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
664"C:\Users\admin\Downloads\CloakBox\Utilities\AntiOS 3.4.5.exe" C:\Users\admin\Downloads\CloakBox\Utilities\AntiOS 3.4.5.exe
explorer.exe
User:
admin
Company:
Vektor T13 Technologies LLC.
Integrity Level:
HIGH
Description:
AntiOS Installer
Version:
3.4.5
Modules
Images
c:\users\admin\downloads\cloakbox\utilities\antios 3.4.5.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
756"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass "C:\Users\admin\Downloads\CloakBox\Utilities\RUN OUTSIDE VM.ps1"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
936"C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe" C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe
explorer.exe
User:
admin
Company:
Vektor T13
Integrity Level:
HIGH
Description:
VirtualBox Manager
Version:
7.2.4
Modules
Images
c:\program files\vektor t13\virtualbox\virtualbox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1044"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,17486102765850406533,10621045342707513517,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1432"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6580,i,17486102765850406533,10621045342707513517,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1556"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass "C:\Users\admin\Downloads\CloakBox\Utilities\RUN INSIDE VM.ps1"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1656C:\Windows\System32\MsiExec.exe -Embedding 9C758A23264F219D197DDB51FDC82B5AC:\Windows\System32\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1836"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5304,i,17486102765850406533,10621045342707513517,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1872"C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe"C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe
CloakBox.exe
User:
admin
Company:
Vektor T13
Integrity Level:
HIGH
Description:
VirtualBox Manager
Exit code:
0
Version:
7.2.4
Modules
Images
c:\program files\vektor t13\virtualbox\virtualbox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\ucrtbase.dll
Total events
62 106
Read events
61 853
Write events
232
Delete events
21

Modification events

(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(8448) CloakBox.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation:delete valueName:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Value:
(PID) Process:(8448) CloakBox.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
040000000100000010000000E94FB54871208C00DF70F708AC47085B0F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C0300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B809000000010000000C000000300A06082B060105050703031D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD91400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B53000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C06200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF860B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B4200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(8448) CloakBox.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
5C0000000100000004000000001000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B40B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000006200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF8653000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C01400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B1D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD909000000010000000C000000300A06082B060105050703030300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B80F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C040000000100000010000000E94FB54871208C00DF70F708AC47085B200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(8448) CloakBox.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation:delete valueName:D69B561148F01C77C54578C10926DF5B856976AD
Value:
(PID) Process:(8448) CloakBox.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
Operation:writeName:Blob
Value:
040000000100000010000000C5DFB849CA051355EE2DBA1AC33EB0281400000001000000140000008FF04B7FA82E4524AE4D50FA639A8BDEE2DD1BBC0B000000010000003000000047006C006F00620061006C005300690067006E00200052006F006F00740020004300410020002D002000520033000000090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F00000001000000200000005229BA15B31B0C6F4CCA89C2985177974327D1B689A3B935A0BD975532AF22AB030000000100000014000000D69B561148F01C77C54578C10926DF5B856976AD190000000100000010000000D0FD3C9C380D7B65E26B9A3FEDD39B8F530000000100000040000000303E301F06092B06010401A032010130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C0620000000100000020000000CBB522D7B7F127AD6A0113865BDF1CD4102E7D0759AF635A7CF4720DC963C53B1D000000010000001000000001728E1ECF7A9D86FB3CEC8948ABA9532000000001000000630300003082035F30820247A003020102020B04000000000121585308A2300D06092A864886F70D01010B0500304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523331133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E301E170D3039303331383130303030305A170D3239303331383130303030305A304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523331133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E30820122300D06092A864886F70D01010105000382010F003082010A0282010100CC2576907906782216F5C083B684CA289EFD057611C5AD8872FC460243C7B28A9D045F24CB2E4BE1608246E152AB0C8147706CDD64D1EBF52CA30F823D0C2BAE97D7B614861079BB3B1380778C08E149D26A622F1F5EFA9668DF892795389F06D73EC9CB26590D73DEB0C8E9260E8315C6EF5B8BD20460CA49A628F6693BF6CBC82891E59D8A615737AC7414DC74E03AEE722F2E9CFBD0BBBFF53D00E10633E8822BAE53A63A16738CDD410E203AC0B4A7A1E9B24F902E3260E957CBB904926868E538266075B29F77FF9114EFAE2049FCAD401548D1023161195EB897EFAD77B7649A7ABF5FC113EF9B62FB0D6CE0546916A903DA6EE983937176C6698582170203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604148FF04B7FA82E4524AE4D50FA639A8BDEE2DD1BBC300D06092A864886F70D01010B050003820101004B40DBC050AAFEC80CEFF796544549BB96000941ACB3138686280733CA6BE674B9BA002DAEA40AD3F5F1F10F8ABF73674A83C7447B78E0AF6E6C6F03298E333945C38EE4B9576CAAFC1296EC53C62DE4246CB99463FBDC536867563E83B8CF3521C3C968FECEDAC253AACC908AE9F05D468C95DD7A58281A2F1DDECD0037418FED446DD75328977EF367041E15D78A96B4D3DE4C27A44C1B737376F41799C21F7A0EE32D08AD0A1C2CFF3CAB550E0F917E36EBC35749BEE12E2D7C608BC3415113239DCEF7326B9401A899E72C331F3A3B25D28640CE3B2C8678C9612F14BAEEDB556FDF84EE05094DBD28D872CED36250651EEB92978331D9B3B5CA47583F5F
(PID) Process:(8448) CloakBox.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
Operation:writeName:Blob
Value:
5C0000000100000004000000000800001D000000010000001000000001728E1ECF7A9D86FB3CEC8948ABA953620000000100000020000000CBB522D7B7F127AD6A0113865BDF1CD4102E7D0759AF635A7CF4720DC963C53B530000000100000040000000303E301F06092B06010401A032010130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C0190000000100000010000000D0FD3C9C380D7B65E26B9A3FEDD39B8F030000000100000014000000D69B561148F01C77C54578C10926DF5B856976AD0F00000001000000200000005229BA15B31B0C6F4CCA89C2985177974327D1B689A3B935A0BD975532AF22AB090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080B000000010000003000000047006C006F00620061006C005300690067006E00200052006F006F00740020004300410020002D0020005200330000001400000001000000140000008FF04B7FA82E4524AE4D50FA639A8BDEE2DD1BBC040000000100000010000000C5DFB849CA051355EE2DBA1AC33EB0282000000001000000630300003082035F30820247A003020102020B04000000000121585308A2300D06092A864886F70D01010B0500304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523331133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E301E170D3039303331383130303030305A170D3239303331383130303030305A304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523331133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E30820122300D06092A864886F70D01010105000382010F003082010A0282010100CC2576907906782216F5C083B684CA289EFD057611C5AD8872FC460243C7B28A9D045F24CB2E4BE1608246E152AB0C8147706CDD64D1EBF52CA30F823D0C2BAE97D7B614861079BB3B1380778C08E149D26A622F1F5EFA9668DF892795389F06D73EC9CB26590D73DEB0C8E9260E8315C6EF5B8BD20460CA49A628F6693BF6CBC82891E59D8A615737AC7414DC74E03AEE722F2E9CFBD0BBBFF53D00E10633E8822BAE53A63A16738CDD410E203AC0B4A7A1E9B24F902E3260E957CBB904926868E538266075B29F77FF9114EFAE2049FCAD401548D1023161195EB897EFAD77B7649A7ABF5FC113EF9B62FB0D6CE0546916A903DA6EE983937176C6698582170203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604148FF04B7FA82E4524AE4D50FA639A8BDEE2DD1BBC300D06092A864886F70D01010B050003820101004B40DBC050AAFEC80CEFF796544549BB96000941ACB3138686280733CA6BE674B9BA002DAEA40AD3F5F1F10F8ABF73674A83C7447B78E0AF6E6C6F03298E333945C38EE4B9576CAAFC1296EC53C62DE4246CB99463FBDC536867563E83B8CF3521C3C968FECEDAC253AACC908AE9F05D468C95DD7A58281A2F1DDECD0037418FED446DD75328977EF367041E15D78A96B4D3DE4C27A44C1B737376F41799C21F7A0EE32D08AD0A1C2CFF3CAB550E0F917E36EBC35749BEE12E2D7C608BC3415113239DCEF7326B9401A899E72C331F3A3B25D28640CE3B2C8678C9612F14BAEEDB556FDF84EE05094DBD28D872CED36250651EEB92978331D9B3B5CA47583F5F
Executable files
126
Suspicious files
188
Text files
389
Unknown types
1

Dropped files

PID
Process
Filename
Type
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e51e6.TMP
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e51f6.TMP
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e51f6.TMP
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e5206.TMP
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e5206.TMP
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
2572msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
71
TCP/UDP connections
83
DNS requests
58
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2336
msedge.exe
GET
302
140.82.121.4:443
https://github.com/Batlez/CloakBox/releases/download/4/CloakBox.zip
US
unknown
2336
msedge.exe
GET
200
185.199.111.133:443
https://release-assets.githubusercontent.com/github-production-release-asset/786627499/6b5cf111-e192-41ea-8f82-a28872d4dd56?sp=r&sv=2018-11-09&sr=b&spr=https&se=2026-02-07T17%3A45%3A11Z&rscd=attachment%3B+filename%3DCloakBox.zip&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2026-02-07T16%3A45%3A01Z&ske=2026-02-07T17%3A45%3A11Z&sks=b&skv=2018-11-09&sig=0nwc0cgDT76bqsMJKEW2g1fFtB25yo31ZGuRVsRAxO8%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc3MDQ4NjQzMywibmJmIjoxNzcwNDgyODMzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.qxwNrXdA3BwQNW8hT9EotwpbJDK9MV_H2KfIhJhjd48&response-content-disposition=attachment%3B%20filename%3DCloakBox.zip&response-content-type=application%2Foctet-stream
US
whitelisted
2336
msedge.exe
GET
304
150.171.28.11:443
https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
US
whitelisted
GET
200
23.210.252.238:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
US
binary
313 b
whitelisted
2336
msedge.exe
GET
200
13.107.246.44:443
https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.11.79/asset?assetgroup=Shoreline
US
text
128 Kb
unknown
2336
msedge.exe
GET
200
52.123.243.217:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeRuntime%2CEdgeRuntimeConfig%2CEdgeDomainActions&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1770482832&lafgdate=0
US
text
41.4 Kb
whitelisted
7408
SIHClient.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
US
binary
409 b
whitelisted
2336
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:EpUEGcxuAPNT2E3AxcUWVC_8yo3uWz4WRrnaVQhXjJs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
97 b
whitelisted
2336
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
446 b
whitelisted
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
US
binary
959 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
5512
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2328
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
184.86.251.27:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
2.16.204.142:443
th.bing.com
AKAMAI-ASN1
NL
whitelisted
5568
SearchApp.exe
184.86.251.27:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
23.210.252.238:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3412
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
th.bing.com
  • 2.16.204.142
  • 2.16.204.135
  • 2.16.204.141
  • 2.16.204.148
  • 2.16.204.146
  • 2.16.204.149
  • 2.16.204.150
  • 2.16.204.138
  • 2.16.204.143
whitelisted
www.bing.com
  • 184.86.251.27
  • 184.86.251.21
  • 184.86.251.13
  • 184.86.251.4
  • 184.86.251.14
  • 184.86.251.20
  • 184.86.251.9
  • 2.16.204.142
  • 2.16.204.135
  • 2.16.204.141
  • 2.16.204.148
  • 2.16.204.146
  • 2.16.204.149
  • 2.16.204.150
  • 2.16.204.138
  • 2.16.204.143
whitelisted
self.events.data.microsoft.com
  • 52.168.117.174
  • 52.182.143.214
whitelisted
ocsp.digicert.com
  • 23.210.252.238
  • 162.159.142.9
  • 172.66.2.5
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.250.186.78
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 52.123.243.217
  • 52.123.224.72
  • 52.123.243.72
  • 52.123.243.84
whitelisted

Threats

PID
Process
Class
Message
2336
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access release user assets on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/Batlez/CloakBox/releases/download/4/CloakBox.zip