File name:

Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com.zip

Full analysis: https://app.any.run/tasks/6fc4bafd-c14e-4a67-b139-9521892e6f01
Verdict: Malicious activity
Analysis date: July 20, 2021, 02:24:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

340AD223F6BB20C94553F97DE6299032

SHA1:

CFCBCBF0B13A7C65BEAD03C337EB62E3F65343B8

SHA256:

5F0C8A01CDB94D3ABF07217701444DEF69BFBF9296047815D144439A9EF39150

SSDEEP:

49152:rheNSnWwsoWKxdG99hPFkGwq4cyWvnfmnyz6gtgwBMy:rheoZsoW4dq9hPxwPctnunY6gtgwKy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Keygen.exe (PID: 1820)
      • ndp48-web.exe (PID: 1996)
      • ndp48-web.exe (PID: 1892)
      • Setup.exe (PID: 3432)
      • SetupUtility.exe (PID: 2548)
      • SetupUtility.exe (PID: 1984)
      • ServiceModelReg.exe (PID: 1916)
      • regtlibv12.exe (PID: 3876)
      • regtlibv12.exe (PID: 116)
      • regtlibv12.exe (PID: 932)
      • regtlibv12.exe (PID: 2424)
      • regtlibv12.exe (PID: 4068)
      • regtlibv12.exe (PID: 3512)
      • aspnet_regiis.exe (PID: 2108)
      • regtlibv12.exe (PID: 3124)
      • mscorsvw.exe (PID: 3836)
      • ngen.exe (PID: 2524)

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3512)
      • Setup.exe (PID: 3432)
      • MsiExec.exe (PID: 3588)
      • MsiExec.exe (PID: 1008)
      • Keygen.exe (PID: 1820)
      • msiexec.exe (PID: 1828)
      • svchost.exe (PID: 768)
      • aspnet_regiis.exe (PID: 2108)
      • mscorsvw.exe (PID: 3836)
      • ngen.exe (PID: 2524)

    • Actions looks like stealing of personal data

      • ndp48-web.exe (PID: 1892)

    • Changes settings of System certificates

      • Setup.exe (PID: 3432)

    • Changes the autorun value in the registry

      • msiexec.exe (PID: 1828)

    • Loads the Task Scheduler COM API

      • ngen.exe (PID: 2524)

  • SUSPICIOUS

    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 1532)
      • iexplore.exe (PID: 404)
      • iexplore.exe (PID: 2868)
      • ndp48-web.exe (PID: 1892)
      • msiexec.exe (PID: 1828)

    • Checks supported languages

      • WinRAR.exe (PID: 1532)
      • Keygen.exe (PID: 1820)
      • ndp48-web.exe (PID: 1892)
      • Setup.exe (PID: 3432)
      • SetupUtility.exe (PID: 2548)
      • SetupUtility.exe (PID: 1984)
      • TMPB357.tmp.exe (PID: 332)
      • ServiceModelReg.exe (PID: 1916)
      • regtlibv12.exe (PID: 3876)
      • regtlibv12.exe (PID: 3512)
      • regtlibv12.exe (PID: 932)
      • regtlibv12.exe (PID: 116)
      • regtlibv12.exe (PID: 2424)
      • regtlibv12.exe (PID: 4068)
      • mofcomp.exe (PID: 1936)
      • aspnet_regiis.exe (PID: 2108)
      • mofcomp.exe (PID: 2516)
      • mofcomp.exe (PID: 2776)
      • regtlibv12.exe (PID: 3124)
      • mscorsvw.exe (PID: 3836)
      • ngen.exe (PID: 2524)

    • Reads the computer name

      • WinRAR.exe (PID: 1532)
      • Keygen.exe (PID: 1820)
      • ndp48-web.exe (PID: 1892)
      • Setup.exe (PID: 3432)
      • SetupUtility.exe (PID: 2548)
      • SetupUtility.exe (PID: 1984)
      • TMPB357.tmp.exe (PID: 332)
      • ServiceModelReg.exe (PID: 1916)
      • mofcomp.exe (PID: 1936)
      • aspnet_regiis.exe (PID: 2108)
      • mofcomp.exe (PID: 2516)
      • mofcomp.exe (PID: 2776)
      • mscorsvw.exe (PID: 3836)
      • ngen.exe (PID: 2524)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1532)
      • iexplore.exe (PID: 404)
      • iexplore.exe (PID: 2868)
      • ndp48-web.exe (PID: 1892)
      • Setup.exe (PID: 3432)
      • TMPB357.tmp.exe (PID: 332)
      • msiexec.exe (PID: 1828)

    • Drops a file with too old compile date

      • WinRAR.exe (PID: 1532)
      • msiexec.exe (PID: 1828)

    • Starts Internet Explorer

      • Keygen.exe (PID: 1820)

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2868)

    • Reads Environment values

      • Setup.exe (PID: 3432)

    • Reads CPU info

      • Setup.exe (PID: 3432)

    • Executed as Windows Service

      • msiexec.exe (PID: 1828)

    • Reads Windows owner or organization settings

      • msiexec.exe (PID: 1828)

    • Reads the Windows organization settings

      • msiexec.exe (PID: 1828)

    • Application launched itself

      • msiexec.exe (PID: 1828)

    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 1828)
      • aspnet_regiis.exe (PID: 2108)

    • Searches for installed software

      • msiexec.exe (PID: 1828)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 1828)

    • Checks for the .NET to be installed

      • msiexec.exe (PID: 1828)

    • Creates files in the Windows directory

      • msiexec.exe (PID: 1828)
      • lodctr.exe (PID: 3640)
      • ngen.exe (PID: 2524)
      • aspnet_regiis.exe (PID: 2108)
      • lodctr.exe (PID: 3420)
      • lodctr.exe (PID: 3096)
      • lodctr.exe (PID: 2408)
      • lodctr.exe (PID: 3184)

    • Removes files from Windows directory

      • msiexec.exe (PID: 1828)
      • lodctr.exe (PID: 3640)
      • aspnet_regiis.exe (PID: 2108)
      • lodctr.exe (PID: 3096)
      • lodctr.exe (PID: 2408)
      • lodctr.exe (PID: 3184)
      • lodctr.exe (PID: 3420)

  • INFO

    • Manual execution by user

      • Keygen.exe (PID: 1820)

    • Reads the computer name

      • iexplore.exe (PID: 404)
      • iexplore.exe (PID: 2868)
      • msiexec.exe (PID: 1828)
      • MsiExec.exe (PID: 3588)
      • MsiExec.exe (PID: 1008)
      • wevtutil.exe (PID: 3392)
      • wevtutil.exe (PID: 3592)
      • lodctr.exe (PID: 3640)
      • lodctr.exe (PID: 2328)
      • lodctr.exe (PID: 3420)
      • lodctr.exe (PID: 3096)
      • lodctr.exe (PID: 2408)
      • lodctr.exe (PID: 3184)
      • lodctr.exe (PID: 3492)
      • lodctr.exe (PID: 636)

    • Application launched itself

      • iexplore.exe (PID: 404)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2868)
      • Setup.exe (PID: 3432)
      • msiexec.exe (PID: 1828)
      • iexplore.exe (PID: 404)

    • Checks supported languages

      • iexplore.exe (PID: 404)
      • iexplore.exe (PID: 2868)
      • msiexec.exe (PID: 1828)
      • MsiExec.exe (PID: 3588)
      • MsiExec.exe (PID: 1008)
      • wevtutil.exe (PID: 3592)
      • lodctr.exe (PID: 3640)
      • wevtutil.exe (PID: 3392)
      • lodctr.exe (PID: 2328)
      • lodctr.exe (PID: 3096)
      • lodctr.exe (PID: 2408)
      • lodctr.exe (PID: 3184)
      • lodctr.exe (PID: 3492)
      • lodctr.exe (PID: 3420)
      • lodctr.exe (PID: 636)

    • Changes internet zones settings

      • iexplore.exe (PID: 404)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2868)
      • iexplore.exe (PID: 404)
      • Setup.exe (PID: 3432)
      • msiexec.exe (PID: 1828)

    • Creates files in the user directory

      • iexplore.exe (PID: 2868)
      • iexplore.exe (PID: 404)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 404)

    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 404)
      • svchost.exe (PID: 768)
      • SetupUtility.exe (PID: 2548)
      • Setup.exe (PID: 3432)
      • msiexec.exe (PID: 1828)
      • mscorsvw.exe (PID: 3836)

    • Changes settings of System certificates

      • iexplore.exe (PID: 404)

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 404)

    • Reads the date of Windows installation

      • iexplore.exe (PID: 404)

    • Creates or modifies windows services

      • msiexec.exe (PID: 1828)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2868)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com/Crack/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2020:05:23 21:25:14
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
99
Monitored processes
39
Malicious processes
17
Suspicious processes
2

Behavior graph

Click at the process to see the details
start drop and start winrar.exe searchprotocolhost.exe no specs keygen.exe no specs iexplore.exe iexplore.exe ndp48-web.exe no specs ndp48-web.exe setup.exe setuputility.exe no specs setuputility.exe no specs tmpb357.tmp.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs servicemodelreg.exe no specs wevtutil.exe no specs wevtutil.exe no specs svchost.exe no specs lodctr.exe no specs regtlibv12.exe no specs regtlibv12.exe no specs regtlibv12.exe no specs regtlibv12.exe no specs regtlibv12.exe no specs regtlibv12.exe no specs regtlibv12.exe no specs mofcomp.exe no specs mofcomp.exe no specs aspnet_regiis.exe no specs mofcomp.exe no specs ngen.exe no specs mscorsvw.exe no specs lodctr.exe no specs lodctr.exe no specs lodctr.exe no specs lodctr.exe no specs lodctr.exe no specs lodctr.exe no specs lodctr.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
116"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exeMsiExec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
RegTLib
Exit code:
0
Version:
14.8.3761.0 built by: NET48REL1
332TMPB357.tmp.exe /Q /X:C:\2e22b0a275581af8288861d85274dd\TMPB357.tmp.exe.tmpC:\2e22b0a275581af8288861d85274dd\TMPB357.tmp.exe
Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Framework 4.8 Setup
Exit code:
0
Version:
4.8.03761.00
404"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.7.2&processName=Keygen.exe&platform=0000&osver=5&isServer=0&shimver=4.0.30319.34209C:\Program Files\Internet Explorer\iexplore.exe
Keygen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
636"C:\Windows\system32\lodctr.exe" C:\Windows\Microsoft.NET\Framework\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.iniC:\Windows\system32\lodctr.exeMsiExec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Load PerfMon Counters
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
768C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
932"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.tlb"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exeMsiExec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
RegTLib
Exit code:
0
Version:
14.8.3761.0 built by: NET48REL1
1008C:\Windows\system32\MsiExec.exe -Embedding 8196A786D027244DF124C4153B29731D E Global\MSI0000C:\Windows\system32\MsiExec.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows� installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
1532"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com.zip"C:\Program Files\WinRAR\WinRAR.exe
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
1820"C:\Users\admin\Desktop\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Crack\Keygen.exe" C:\Users\admin\Desktop\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Crack\Keygen.exeExplorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
GMW
Exit code:
2148734720
Version:
1.0.0.0
1828C:\Windows\system32\msiexec.exe /VC:\Windows\system32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows� installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
2 485
Suspicious files
79
Text files
557
Unknown types
31

Dropped files

PID
Process
Filename
Type
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Guna UI Framework Ultimate v2.0.0.1 Lib-Master\.gitignoretext
MD5:
SHA256:
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Crack\Readme.txttext
MD5:
SHA256:
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Guna UI Framework Ultimate v2.0.0.1 Lib-Master\Guna UI Activation\Guna UI Activation.slntext
MD5:36E1F640B83FB42B2708C0CAF61514B5
SHA256:7E851F80A4C2A694F0855062435FCC7C31724693375E5CD3BBA05CBE09687DE0
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Crack\Keygen.exeexecutable
MD5:68C19DD9BAF2C30C0E27C9490D2D8C31
SHA256:ECD5E4F2243D3A83453649B5FE9A93890CE0D5FD621B590459907BE96CB24200
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Crack\Keygen.exe.configxml
MD5:9DBAD5517B46F41DBB0D8780B20AB87E
SHA256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Guna UI Framework Ultimate v2.0.0.1 Lib-Master\Guna UI Activation\Guna UI Activation\bin\Debug\Guna UI Activation.pdbpdb
MD5:F2B5AD4ED64B52A0445E76C034DFAAA9
SHA256:06B0B0EE40C54991306D2F0872E6055F63E18B6090625E29F246212F189E89F0
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Guna UI Framework Ultimate v2.0.0.1 Lib-Master\Guna UI Activation\Guna UI Activation\bin\Debug\Guna UI Activation.vshost.exeexecutable
MD5:FC9F896933B6123ABEBB21C8476448EC
SHA256:CC0D4C85639DD5E8D68C4B356C9DCF9C501BAE0190A08376BCED2BCC85E2CF79
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Guna UI Framework Ultimate v2.0.0.1 Lib-Master\Guna UI Activation\Guna UI Activation\Form1.vbtext
MD5:C45D8B9CFF9E2ED0A62114DDBA3D1AB1
SHA256:30E4DFAFB6C9D0AFA597FCF8E2055DB36C072474178F67CCDD3EF1C5F400A345
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Guna UI Framework Ultimate v2.0.0.1 Lib-Master\Guna UI Activation\Guna UI Activation\My Project\Application.Designer.vbtext
MD5:5F0D5BE0B87086798CDB0F3CDA5A7705
SHA256:2422F184DE18ED1BC7F3302C6F70A0EB42DC24C6013CE2A2FE413239C04D2B83
1532WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1532.22927\Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com\Guna UI Framework Ultimate v2.0.0.1 Lib-Master\Guna UI Activation\Guna UI Activation\Guna UI Activation.vbprojxml
MD5:D1B7FD0E20743921EEFE31E9A10DAA74
SHA256:6570CD01965147D0FD2BD62368D367496EB510492786614973CE31DD1F40C4A7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
41
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
HEAD
302
23.15.254.176:80
http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full_x86.msi
NL
whitelisted
GET
302
23.15.254.176:80
http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=x86&o1=netfx_Full.mzz
NL
whitelisted
GET
302
23.15.254.176:80
http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full_x86.msi
NL
whitelisted
2868
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D
US
der
471 b
whitelisted
2868
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
2868
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAtb9ltrp%2FvQiykNkEU33uA%3D
US
der
471 b
whitelisted
2868
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA9bw6F2y3ieICDHiTyBZ7Q%3D
US
der
1.47 Kb
whitelisted
2868
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
3432
Setup.exe
GET
200
2.18.233.62:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
der
1.05 Kb
whitelisted
2868
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2868
iexplore.exe
23.15.254.176:443
go.microsoft.com
Akamai Technologies, Inc.
NL
malicious
2868
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2868
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2868
iexplore.exe
13.107.213.45:443
dotnet.microsoft.com
Microsoft Corporation
US
suspicious
2868
iexplore.exe
2.18.233.62:443
www.microsoft.com
Akamai International B.V.
whitelisted
2868
iexplore.exe
2.16.170.26:443
statics-marketingsites-wcus-ms-com.akamaized.net
Akamai International B.V.
DE
unknown
2868
iexplore.exe
2.16.170.25:443
img-prod-cms-rt-microsoft-com.akamaized.net
Akamai International B.V.
DE
unknown
2868
iexplore.exe
13.107.246.45:443
dotnet.microsoft.com
Microsoft Corporation
US
malicious
404
iexplore.exe
13.107.21.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2868
iexplore.exe
13.69.106.212:443
dc.services.visualstudio.com
Microsoft Corporation
NL
suspicious

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 23.15.254.176
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
dotnet.microsoft.com
  • 13.107.213.45
  • 13.107.246.45
whitelisted
statics-marketingsites-wcus-ms-com.akamaized.net
  • 2.16.170.26
  • 2.16.170.10
whitelisted
www.microsoft.com
  • 2.18.233.62
whitelisted
img-prod-cms-rt-microsoft-com.akamaized.net
  • 2.16.170.25
  • 2.16.170.11
whitelisted
wcpstatic.microsoft.com
  • 13.107.246.45
  • 13.107.213.45
whitelisted
www.google-analytics.com
  • 173.194.198.101
  • 173.194.198.102
  • 173.194.198.138
  • 173.194.198.139
  • 173.194.198.113
  • 173.194.198.100
whitelisted
az416426.vo.msecnd.net
  • 152.199.21.175
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Guna UI Framework Ultimate 2.0.0.1 worldfreeware.com.zip