analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.mediafire.com/file/km7e7b0lbdkhrms/Wondershare_Filmora_10.1.20.15.exe/file

Full analysis: https://app.any.run/tasks/18fabbe4-51d3-4f02-87eb-71d04750f083
Verdict: Malicious activity
Analysis date: October 05, 2022, 01:18:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

B20220FFDEE5D8EE9028D92436E6C163

SHA1:

9D0621ADAAA8366F47C6B627287DB5AFCF2465C5

SHA256:

56FB4ED18A32DAFAC9019EFFC9F57CD120E11DF676BDB52D80F0BDA38C75439E

SSDEEP:

3:N8DSLw3eGUozSDSCjWQxJIxCl2vDIA:2OLw3eGuCQxeCy9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • iexplore.exe (PID: 1364)
      • Wondershare Filmora 10.1.20.15.exe (PID: 3588)
    • Application was dropped or rewritten from another process

      • Wondershare Filmora 10.1.20.15.exe (PID: 2492)
      • Wondershare Filmora 10.1.20.15.exe (PID: 3588)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 1364)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 1364)
      • Wondershare Filmora 10.1.20.15.exe (PID: 3588)
    • Drops a file with a compile date too recent

      • iexplore.exe (PID: 1364)
      • Wondershare Filmora 10.1.20.15.exe (PID: 3588)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2204)
    • Checks supported languages

      • Wondershare Filmora 10.1.20.15.tmp (PID: 2392)
      • Wondershare Filmora 10.1.20.15.exe (PID: 3588)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 2380)
      • iexplore.exe (PID: 1364)
      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 2624)
      • chrome.exe (PID: 3104)
      • chrome.exe (PID: 1264)
      • chrome.exe (PID: 1040)
    • Checks supported languages

      • iexplore.exe (PID: 2380)
      • iexplore.exe (PID: 1364)
      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 2624)
      • chrome.exe (PID: 2712)
      • chrome.exe (PID: 3976)
      • chrome.exe (PID: 2500)
      • chrome.exe (PID: 3780)
      • chrome.exe (PID: 3104)
      • chrome.exe (PID: 3656)
      • chrome.exe (PID: 3588)
      • chrome.exe (PID: 2528)
      • chrome.exe (PID: 3616)
      • chrome.exe (PID: 3220)
      • chrome.exe (PID: 2880)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 3176)
      • chrome.exe (PID: 2552)
      • chrome.exe (PID: 1264)
      • chrome.exe (PID: 4004)
      • chrome.exe (PID: 3684)
      • chrome.exe (PID: 3920)
      • chrome.exe (PID: 3564)
      • chrome.exe (PID: 984)
      • chrome.exe (PID: 3576)
      • chrome.exe (PID: 4068)
      • chrome.exe (PID: 3160)
      • chrome.exe (PID: 2820)
      • chrome.exe (PID: 2448)
      • chrome.exe (PID: 1984)
      • chrome.exe (PID: 2700)
      • chrome.exe (PID: 4044)
      • chrome.exe (PID: 2132)
      • chrome.exe (PID: 2764)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 1040)
      • chrome.exe (PID: 3984)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2380)
      • iexplore.exe (PID: 1364)
      • chrome.exe (PID: 2624)
    • Application launched itself

      • iexplore.exe (PID: 2380)
      • chrome.exe (PID: 2204)
    • Changes internet zones settings

      • iexplore.exe (PID: 2380)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2380)
      • iexplore.exe (PID: 1364)
    • Creates files in the user directory

      • iexplore.exe (PID: 1364)
      • iexplore.exe (PID: 2380)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2380)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2380)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1364)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2380)
    • Manual execution by user

      • chrome.exe (PID: 2204)
    • Reads the hosts file

      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 2624)
    • Application was dropped or rewritten from another process

      • Wondershare Filmora 10.1.20.15.tmp (PID: 2392)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
80
Monitored processes
40
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs wondershare filmora 10.1.20.15.exe no specs wondershare filmora 10.1.20.15.exe wondershare filmora 10.1.20.15.tmp no specs

Process information

PID
CMD
Path
Indicators
Parent process
2380"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.mediafire.com/file/km7e7b0lbdkhrms/Wondershare_Filmora_10.1.20.15.exe/file"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
1364"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2380 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2204"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
2712"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e29d988,0x6e29d998,0x6e29d9a4C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
3104"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,3416397371891445214,10089585683921714290,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2624"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1020,3416397371891445214,10089585683921714290,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1340 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
3656"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3416397371891445214,10089585683921714290,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
3780"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3416397371891445214,10089585683921714290,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
3976"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3416397371891445214,10089585683921714290,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2500"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1020,3416397371891445214,10089585683921714290,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
Total events
34 415
Read events
34 184
Write events
227
Delete events
4

Modification events

(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30988376
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30988376
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
2
Suspicious files
218
Text files
176
Unknown types
46

Dropped files

PID
Process
Filename
Type
1364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850Dder
MD5:596D2FDCEBB9285D08C83E8C66F21DC9
SHA256:0231BC4602667FF24BFA1CAAB1D56C225A54031C452C9DE84B810BE18628A3E3
1364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAder
MD5:5A11C6099B9E5808DFB08C5C9570C92F
SHA256:91291A5EDC4E10A225D3C23265D236ECC74473D9893BE5BD07E202D95B3FB172
1364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850Dbinary
MD5:01BDBAF7A769ABC1C077198F0C4DF6A6
SHA256:41C99A346A81CD2FEE16AB6FB88EAC874BA54BCDEB4FCF7AE9C83BF64A5B5FFB
1364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:87AAD071DDAAAD8ADB70E4DABCC1A750
SHA256:2D558A3FE733F9893095B3758FF661E7B48DB7D8D725D7AC9EDBFFABC65D1613
1364iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\file[1].htmhtml
MD5:10024B73BD0EDDB43FFED648D94EB51A
SHA256:38C39CD465D2F1C0481E640D0993E1FDF39B4AC0F627C914C99F9AECBC717A11
1364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27binary
MD5:20EBBFA9BBC044251AE634C1CAD08E56
SHA256:0DD9C84EE275DC92CCFC0ED1AEDD113AF219522CF055D38A3C0FFBE43472F842
1364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:196C15BDF94309D112DD59D1D9F5915E
SHA256:41393AD8FACB307B3B24C0BB4B28E4E9CC6B0D9DC02D4523F051257A057EF0A4
1364iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\UDZ92JDB.txttext
MD5:EAEB1863EFA90C1E3040FC94347AB21B
SHA256:A79B1E0B80559AC7A454A67E93F07E276119F3432655B53DD2A148E674FCB090
1364iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_C89A7CE86B947A5BDDEC66331470004Ader
MD5:60DEA52ABE2437132A0387AD8BECC0AC
SHA256:AC998FB48810AEB183EC2D19CFD58B81F2243207ADD4C553E1E87F00FA6D5F3F
1364iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LRS92ET0.txttext
MD5:892FB81D31DC99C1243A0DA10EFBEA79
SHA256:0248E65C36E1A5F4B95BD1A0B5D18EDD69DE1B18B4638EF2CF4EB851D3BE4B04
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
211
DNS requests
118
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1364
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
1364
iexplore.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
1364
iexplore.exe
GET
200
8.248.117.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?324763103124cedb
US
compressed
4.70 Kb
whitelisted
2380
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
1364
iexplore.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGOlwNI5ZtyUEgHpNAgRyd0%3D
US
der
471 b
whitelisted
1364
iexplore.exe
GET
13.226.156.21:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
whitelisted
1364
iexplore.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD6a7qQTCYd8hJU9n3M3mXb
US
der
472 b
whitelisted
1364
iexplore.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
1364
iexplore.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECY%2B0YL3%2ByMOCtPdrqPffYg%3D
US
der
471 b
whitelisted
1364
iexplore.exe
GET
200
104.18.32.68:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDW1tEXOcnucS9%2F2dFgvl%2By
US
der
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2380
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
2380
iexplore.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1364
iexplore.exe
104.16.54.48:443
www.mediafire.com
CLOUDFLARENET
suspicious
1364
iexplore.exe
104.18.32.68:80
ocsp.usertrust.com
CLOUDFLARENET
suspicious
1364
iexplore.exe
142.250.184.200:443
www.googletagmanager.com
GOOGLE
US
suspicious
1364
iexplore.exe
104.18.47.230:443
static.cloudflareinsights.com
CLOUDFLARENET
malicious
1364
iexplore.exe
8.248.117.254:80
ctldl.windowsupdate.com
LEVEL3
US
malicious
1364
iexplore.exe
142.250.186.46:443
translate.google.com
GOOGLE
US
whitelisted
1364
iexplore.exe
172.67.70.134:443
btloader.com
CLOUDFLARENET
US
suspicious
1364
iexplore.exe
216.58.212.131:80
ocsp.pki.goog
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
www.mediafire.com
  • 104.16.54.48
  • 104.16.53.48
shared
ctldl.windowsupdate.com
  • 8.248.117.254
  • 8.248.147.254
  • 8.248.143.254
  • 8.238.29.254
  • 67.27.158.254
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.usertrust.com
  • 104.18.32.68
  • 172.64.155.188
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
www.googletagmanager.com
  • 142.250.184.200
whitelisted
btloader.com
  • 172.67.70.134
  • 104.26.7.139
  • 104.26.6.139
whitelisted
translate.google.com
  • 142.250.186.46
whitelisted
static.cloudflareinsights.com
  • 104.18.47.230
  • 172.64.156.26
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO File Sharing Related Domain in DNS Lookup (download .mediafire .com)
No debug info