File name:

idman642build11.exe

Full analysis: https://app.any.run/tasks/088c9182-79b5-4aa6-bd80-b67d8e923b69
Verdict: Malicious activity
Analysis date: June 21, 2024, 15:38:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

88CA2D9EE26FF0D06224E6676B243B7A

SHA1:

CE9A483B453AE1F0F03CD61751F3EF4A94D1724A

SHA256:

58C1D64A0B10F23B468DA3FE138DCE766B340CAB91B33F2783B68DB63DEBC4D3

SSDEEP:

196608:6WGnc0/KPq8p0SpjdXANqCvmcAFzJ4Khl:6Wac7q0MqCVA9JPv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • idman642build11.exe (PID: 3200)
      • IDMan.exe (PID: 2840)

    • Creates a writable file in the system directory

      • rundll32.exe (PID: 3612)

    • Changes the autorun value in the registry

      • rundll32.exe (PID: 3612)
      • IDMan.exe (PID: 2840)

    • Starts NET.EXE for service management

      • net.exe (PID: 3092)
      • Uninstall.exe (PID: 3152)

  • SUSPICIOUS

    • Starts application with an unusual extension

      • idman642build11.exe (PID: 3200)

    • Creates a software uninstall entry

      • IDM1.tmp (PID: 3196)

    • The process creates files with name similar to system file names

      • IDM1.tmp (PID: 3196)

    • Creates/Modifies COM task schedule object

      • IDM1.tmp (PID: 3196)
      • IDMan.exe (PID: 2840)
      • Uninstall.exe (PID: 3152)

    • Reads the Internet Settings

      • IDM1.tmp (PID: 3196)
      • IDMan.exe (PID: 2840)
      • Uninstall.exe (PID: 3152)
      • runonce.exe (PID: 3072)
      • IDMan.exe (PID: 2540)

    • Checks Windows Trust Settings

      • IDMan.exe (PID: 2840)
      • IDMan.exe (PID: 2540)

    • Reads settings of System Certificates

      • IDMan.exe (PID: 2840)
      • IDMan.exe (PID: 2540)

    • Executable content was dropped or overwritten

      • IDMan.exe (PID: 2840)
      • rundll32.exe (PID: 3612)

    • Drops a system driver (possible attempt to evade defenses)

      • rundll32.exe (PID: 3612)

    • Reads security settings of Internet Explorer

      • Uninstall.exe (PID: 3152)
      • IDMan.exe (PID: 2540)
      • IDMan.exe (PID: 2840)
      • IDM1.tmp (PID: 3196)

    • Uses RUNDLL32.EXE to load library

      • Uninstall.exe (PID: 3152)

    • Creates or modifies Windows services

      • Uninstall.exe (PID: 3152)

  • INFO

    • Checks supported languages

      • idman642build11.exe (PID: 3200)
      • IDM1.tmp (PID: 3196)
      • Uninstall.exe (PID: 3152)
      • MediumILStart.exe (PID: 2504)
      • IDMan.exe (PID: 2540)
      • IEMonitor.exe (PID: 1620)
      • IDMan.exe (PID: 2840)
      • idmBroker.exe (PID: 2080)

    • Reads the machine GUID from the registry

      • IDMan.exe (PID: 2840)
      • IDM1.tmp (PID: 3196)
      • MediumILStart.exe (PID: 2504)
      • IDMan.exe (PID: 2540)

    • Creates files in the program directory

      • IDM1.tmp (PID: 3196)
      • IDMan.exe (PID: 2840)

    • Create files in a temporary directory

      • IDM1.tmp (PID: 3196)
      • idman642build11.exe (PID: 3200)
      • IDMan.exe (PID: 2840)
      • IDMan.exe (PID: 2540)

    • Creates files or folders in the user directory

      • IDM1.tmp (PID: 3196)
      • IDMan.exe (PID: 2840)

    • Reads the software policy settings

      • IDMan.exe (PID: 2840)
      • IDMan.exe (PID: 2540)

    • Disables trace logs

      • IDMan.exe (PID: 2840)
      • IDMan.exe (PID: 2540)

    • Checks proxy server information

      • IDMan.exe (PID: 2840)

    • Creates files in the driver directory

      • rundll32.exe (PID: 3612)

    • Application launched itself

      • firefox.exe (PID: 3364)
      • firefox.exe (PID: 3572)

    • Drops the executable file immediately after the start

      • rundll32.exe (PID: 3612)

    • Reads the time zone

      • runonce.exe (PID: 3072)

    • Manual execution by a user

      • firefox.exe (PID: 3364)

    • Reads the computer name

      • Uninstall.exe (PID: 3152)
      • MediumILStart.exe (PID: 2504)
      • IDMan.exe (PID: 2540)
      • IEMonitor.exe (PID: 1620)
      • IDM1.tmp (PID: 3196)
      • IDMan.exe (PID: 2840)

    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 3072)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (35.8)
.exe | Win64 Executable (generic) (31.7)
.scr | Windows screen saver (15)
.dll | Win32 Dynamic Link Library (generic) (7.5)
.exe | Win32 Executable (generic) (5.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:05 16:11:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 15872
InitializedDataSize: 26624
UninitializedDataSize: -
EntryPoint: 0x4336
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.42.11.1
ProductVersionNumber: 6.42.11.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: Please visit http://www.internetdownloadmanager.com
CompanyName: Tonec Inc.
FileDescription: Internet Download Manager installer
FileVersion: 6, 42, 11, 1
InternalName: installer
LegalCopyright: © 1999-2024. Tonec FZE. All rights reserved.
LegalTrademarks: Internet Download Manager (IDM)
OriginalFileName: installer.exe
PrivateBuild: -
ProductName: Internet Download Manager installer
ProductVersion: 6, 42, 11, 1
SpecialBuild: -
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
67
Monitored processes
26
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start idman642build11.exe idm1.tmp no specs idmbroker.exe no specs idman.exe firefox.exe no specs uninstall.exe no specs firefox.exe no specs firefox.exe rundll32.exe runonce.exe no specs grpconv.exe no specs net.exe no specs net1.exe no specs mediumilstart.exe no specs idman.exe no specs iemonitor.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs idman642build11.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
936"C:\Windows\System32\grpconv.exe" -oC:\Windows\System32\grpconv.exerunonce.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1620"C:\Program Files\Internet Download Manager\IEMonitor.exe"C:\Program Files\Internet Download Manager\IEMonitor.exeIDMan.exe
User:
admin
Company:
Tonec Inc.
Integrity Level:
MEDIUM
Description:
Internet Download Manager agent for click monitoring in IE-based browsers
Version:
6, 37, 8, 1
Modules
Images
c:\program files\internet download manager\iemonitor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2080"C:\Program Files\Internet Download Manager\idmBroker.exe" -RegServerC:\Program Files\Internet Download Manager\idmBroker.exeIDM1.tmp
User:
admin
Company:
Internet Download Manager, Tonec Inc.
Integrity Level:
HIGH
Description:
Broker for reading of IDM settings
Exit code:
0
Version:
6, 35, 9, 1
Modules
Images
c:\program files\internet download manager\idmbroker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2348"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.8.1384671398\1812801244" -childID 7 -isForBrowser -prefsHandle 4176 -prefMapHandle 4344 -prefsLen 29313 -prefMapSize 244195 -jsInitHandle 888 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2255edc1-5821-4af8-b5cc-7627dc8f50b0} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 4352 22b2d3f0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2504"C:\Program Files\Internet Download Manager\MediumILStart.exe"C:\Program Files\Internet Download Manager\MediumILStart.exeIDMan.exe
User:
admin
Company:
Internet Download Manager, Tonec Inc.
Integrity Level:
MEDIUM
Description:
IDM module
Exit code:
0
Version:
6, 42, 2, 1
Modules
Images
c:\program files\internet download manager\mediumilstart.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2540"C:\Program Files\Internet Download Manager\IDMan.exe" -EmbeddingC:\Program Files\Internet Download Manager\IDMan.exesvchost.exe
User:
admin
Company:
Tonec Inc.
Integrity Level:
MEDIUM
Description:
Internet Download Manager (IDM)
Version:
6, 42, 11, 2
Modules
Images
c:\program files\internet download manager\idman.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2840"C:\Program Files\Internet Download Manager\IDMan.exe" /rtr /setlngid 9 /fulllngfile idm_jp.lngC:\Program Files\Internet Download Manager\IDMan.exe
IDM1.tmp
User:
admin
Company:
Tonec Inc.
Integrity Level:
HIGH
Description:
Internet Download Manager (IDM)
Exit code:
1
Version:
6, 42, 11, 2
Modules
Images
c:\program files\internet download manager\idman.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2980"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.htmlC:\Program Files\Mozilla Firefox\firefox.exeIDMan.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
HIGH
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
3004"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.7.222551427\764365181" -childID 6 -isForBrowser -prefsHandle 3720 -prefMapHandle 3808 -prefsLen 34370 -prefMapSize 244195 -jsInitHandle 888 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a782fdf3-da7d-4571-bb2b-0da5e3534c13} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 3800 1eeea6d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
3072"C:\Windows\system32\runonce.exe" -rC:\Windows\System32\runonce.exerundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Run Once Wrapper
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\runonce.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
30 949
Read events
30 295
Write events
562
Delete events
92

Modification events

(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:UninstallString
Value:
C:\Program Files\Internet Download Manager\Uninstall.exe
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:DisplayName
Value:
Internet Download Manager
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:DisplayVersion
Value:
6.42.11
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:DisplayIcon
Value:
C:\Program Files\Internet Download Manager\IDMan.exe
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:Publisher
Value:
Tonec Inc.
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:URLInfoAbout
Value:
http://www.internetdownloadmanager.com
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:HelpLink
Value:
http://www.internetdownloadmanager.com/contact_us.html
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation:writeName:PendingFileRenameOperations
Value:
\??\C:\Users\admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Operation:writeName:NoExplorer
Value:
1
(PID) Process:(3196) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}
Operation:writeName:AppName
Value:
IDMan.exe
Executable files
12
Suspicious files
120
Text files
34
Unknown types
7

Dropped files

PID
Process
Filename
Type
3196IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnkbinary
MD5:0C10BF5B9059CF89BAA64A8079B97152
SHA256:7EF44F2DEBD5DE87B229412FA820F54D0229DBE506112C647B5D1D609DFA47C2
3196IDM1.tmpC:\Users\admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.logbinary
MD5:1C92BCB479B9EE7BBC5F5E6754B125B2
SHA256:95EFFBCC2269DB3E96C984D8249D14DBCDD8D4CF6A43143CBA0D7D20F96DF991
3196IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnkbinary
MD5:26E8FF711C466EBCECB3DD3A61D3DE45
SHA256:3CDD20F00E2DA05F009733855C0929FE8D2D6631F65BF5BF803E2D12C2F96FD4
3196IDM1.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnklnk
MD5:843CC503553DF69502D091E48214E98F
SHA256:0943FE69BAE88CC57665FB2310B052D4FC1EB4DBE0DA2A0BCF3F9C3D8E1D43D4
3196IDM1.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnklnk
MD5:25AD5B29F2642685E47876A563E5271B
SHA256:CECFCD478EE6F65A3230B9AED2BFC7A76EAFC9FC0F2B65228E318A631B8C6CD1
3196IDM1.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnkbinary
MD5:5D3EF9780BDBC5C4C40A3212DD732DFE
SHA256:7D9D5E1AF1A1C3C86ABB333B5D471F5C35ED18A67E24C0DA50D0003E65023F23
3196IDM1.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnklnk
MD5:341A4829E949F4E468BA1CE07EF64655
SHA256:6D3491D1E8B6DF738FE5783B3CFBAC884B721684B4A178A39E5648F90F6F09A4
3196IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnklnk
MD5:87E40F6A3880C16F810E585BADCBFD54
SHA256:2A41F65752E404ED641F8B097BF44F296B73BA58434B026D2E6BEDC043BCC3F2
3196IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnkbinary
MD5:09DC16D1EFD18BBC8394B420237F8CDB
SHA256:81385A806F255978297D79BC0B552F7207095E931EDF09FA254FEA033A672E21
2840IDMan.exeC:\Users\admin\AppData\Roaming\IDM\urlexclist.datbinary
MD5:AEE43AB150A20FCBACAE2088984F2B0E
SHA256:49CC9662B3C44F3EEFE6A6FA967CA34E0DA9606D451A6C408EE295CCEF01E852
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
19
TCP/UDP connections
52
DNS requests
122
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
304
2.19.126.163:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
1372
svchost.exe
GET
200
2.16.164.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
1372
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
3572
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
unknown
3572
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
unknown
2840
IDMan.exe
GET
200
88.221.110.91:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?67c7287fbf7f51f6
unknown
unknown
3572
firefox.exe
POST
200
95.101.54.114:80
http://r10.o.lencr.org/
unknown
unknown
3572
firefox.exe
POST
200
95.101.54.114:80
http://r10.o.lencr.org/
unknown
unknown
3572
firefox.exe
POST
200
95.101.54.208:80
http://r3.o.lencr.org/
unknown
unknown
3572
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
224.0.0.252:5355
unknown
1060
svchost.exe
224.0.0.252:5355
unknown
1372
svchost.exe
2.19.126.163:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
2.16.164.114:80
crl.microsoft.com
Akamai International B.V.
NL
unknown
1372
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
unknown
2840
IDMan.exe
88.221.110.91:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
3572
firefox.exe
169.61.27.133:443
secure.internetdownloadmanager.com
SOFTLAYER
US
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
ctldl.windowsupdate.com
  • 2.19.126.163
  • 2.19.126.137
  • 88.221.110.91
  • 2.16.100.168
whitelisted
crl.microsoft.com
  • 2.16.164.114
  • 2.16.164.97
  • 2.16.164.18
  • 2.16.164.43
  • 2.16.164.49
  • 2.16.164.24
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
test.internetdownloadmanager.com
  • 185.80.221.18
whitelisted
secure.internetdownloadmanager.com
  • 169.61.27.133
whitelisted
www.internetdownloadmanager.com
  • 169.61.27.133
whitelisted
mirror3.internetdownloadmanager.com
  • 174.127.113.77
whitelisted
mirror5.internetdownloadmanager.com
  • 185.80.221.19
whitelisted
registeridm.com
  • 169.61.27.133
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
idman642build11.exe