File name:

c.zip

Full analysis: https://app.any.run/tasks/df8ffdd6-aac9-4436-a721-304833f9d159
Verdict: Malicious activity
Analysis date: March 24, 2025, 16:27:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
python
autorun-download
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

59B5D9CBBFD99A992D254EC3001ABFA4

SHA1:

706E90597EF11B0D63FAB2A0723C6F945196C7C7

SHA256:

5F85AAC4E49835D03C34143D5068C13FEA5ABEB83AB94D3BA50064CA3F378FBF

SSDEEP:

98304:8EIrXOUTjrsYH+qj6l3BUAssAOPAfh4cruZPmedsLGCVeI+PXvfb/lI0emIjjej3:YZvDOgCgzJGIHIUfsfpD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 1276)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1276)
      • python-3.13.2-amd64.exe (PID: 8048)
      • msiexec.exe (PID: 7148)
    • Executable content was dropped or overwritten

      • python-3.13.2-amd64.exe (PID: 4652)
      • python-3.13.2-amd64.exe (PID: 8048)
      • python-3.13.2-amd64.exe (PID: 1812)
    • Reads security settings of Internet Explorer

      • python-3.13.2-amd64.exe (PID: 8048)
    • Searches for installed software

      • python-3.13.2-amd64.exe (PID: 8048)
      • dllhost.exe (PID: 7528)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7832)
    • There is functionality for taking screenshot (YARA)

      • python-3.13.2-amd64.exe (PID: 8048)
    • The process drops C-runtime libraries

      • python-3.13.2-amd64.exe (PID: 8048)
      • msiexec.exe (PID: 7148)
    • Starts itself from another location

      • python-3.13.2-amd64.exe (PID: 8048)
    • Process drops python dynamic module

      • msiexec.exe (PID: 7148)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7148)
  • INFO

    • The sample compiled with english language support

      • WinRAR.exe (PID: 1276)
      • firefox.exe (PID: 3020)
      • python-3.13.2-amd64.exe (PID: 4652)
      • python-3.13.2-amd64.exe (PID: 8048)
      • msiexec.exe (PID: 7148)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1276)
      • firefox.exe (PID: 3020)
      • msiexec.exe (PID: 7148)
    • Manual execution by a user

      • firefox.exe (PID: 960)
    • Application launched itself

      • firefox.exe (PID: 960)
      • firefox.exe (PID: 3020)
    • Autorun file from Downloads

      • firefox.exe (PID: 3020)
    • Create files in a temporary directory

      • python-3.13.2-amd64.exe (PID: 4652)
      • python-3.13.2-amd64.exe (PID: 8048)
    • Checks supported languages

      • python-3.13.2-amd64.exe (PID: 4652)
      • python-3.13.2-amd64.exe (PID: 8048)
      • python-3.13.2-amd64.exe (PID: 1812)
      • msiexec.exe (PID: 7148)
    • Reads the computer name

      • python-3.13.2-amd64.exe (PID: 8048)
      • msiexec.exe (PID: 7148)
    • Process checks computer location settings

      • python-3.13.2-amd64.exe (PID: 8048)
    • Manages system restore points

      • SrTasks.exe (PID: 7368)
    • Creates files or folders in the user directory

      • python-3.13.2-amd64.exe (PID: 8048)
      • msiexec.exe (PID: 7148)
    • Reads the machine GUID from the registry

      • python-3.13.2-amd64.exe (PID: 8048)
      • msiexec.exe (PID: 7148)
    • Mutex for Python MSI log

      • msiexec.exe (PID: 7148)
      • python-3.13.2-amd64.exe (PID: 8048)
    • Reads the software policy settings

      • slui.exe (PID: 5156)
      • msiexec.exe (PID: 7148)
      • slui.exe (PID: 4572)
    • Checks proxy server information

      • slui.exe (PID: 4572)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7148)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:03:24 17:27:06
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: c/
No data.
All screenshots are available in the full report
Total processes
166
Monitored processes
25
Malicious processes
3
Suspicious processes
1

Behavior graph

Processes shown in the graph, in order (nodes marked "no specs" have no detailed record):
  • winrar.exe
  • sppextcomobj.exe (no specs)
  • slui.exe
  • rundll32.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • firefox.exe (no specs)
  • python-3.13.2-amd64.exe
  • python-3.13.2-amd64.exe
  • python-3.13.2-amd64.exe
  • SPPSurrogate (no specs)
  • vssvc.exe (no specs)
  • slui.exe
  • srtasks.exe (no specs)
  • conhost.exe (no specs)
  • msiexec.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
660
CMD:
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path:
C:\Windows\System32\rundll32.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
960
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\windows\system32\crypt32.dll
PID:
1276
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\c.zip
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
1812
CMD:
"C:\Users\admin\AppData\Local\Temp\{FD718849-50EB-4F6C-8BA2-480FCD808DB3}\.be\python-3.13.2-amd64.exe" -q -burn.elevated BurnPipe.{1ECE3B74-CF99-4D48-82F6-F7FCA58FD34D} {BF506FD2-95A1-4B36-A75B-D38F84F7135B} 8048
Path:
C:\Users\admin\AppData\Local\Temp\{FD718849-50EB-4F6C-8BA2-480FCD808DB3}\.be\python-3.13.2-amd64.exe
Parent process:
python-3.13.2-amd64.exe
User:
admin
Company:
Python Software Foundation
Integrity Level:
HIGH
Description:
Python 3.13.2 (64-bit)
Version:
3.13.2150.0
Modules
Images
c:\users\admin\appdata\local\temp\{fd718849-50eb-4f6c-8ba2-480fcd808db3}\.be\python-3.13.2-amd64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
2420
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2152 -parentBuildID 20240213221259 -prefsHandle 2144 -prefMapHandle 2080 -prefsLen 31031 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {857e4245-14ce-4c5d-8f3c-51f22eac1999} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 28479a83110 socket
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
PID:
3020
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID:
3240
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2728 -childID 1 -isForBrowser -prefsHandle 2724 -prefMapHandle 2668 -prefsLen 31447 -prefMapSize 244583 -jsInitHandle 1532 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87209785-0759-41de-8f80-2a903ee3f50b} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 2840bb39f50 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
PID:
4572
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
4652
CMD:
"C:\Users\admin\Downloads\python-3.13.2-amd64.exe"
Path:
C:\Users\admin\Downloads\python-3.13.2-amd64.exe
Parent process:
firefox.exe
User:
admin
Company:
Python Software Foundation
Integrity Level:
MEDIUM
Description:
Python 3.13.2 (64-bit)
Version:
3.13.2150.0
Modules
Images
c:\users\admin\downloads\python-3.13.2-amd64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
5112
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1912 -parentBuildID 20240213221259 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11d3ca99-53c9-469d-838f-ab8b9154267e} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 2847f1ee810 gpu
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
Total events
53 653
Read events
48 276
Write events
5 293
Delete events
84

Modification events

(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
0
Value:
C:\Users\admin\Desktop\c.zip
(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
name
Value:
120
(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
size
Value:
80
(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
type
Value:
120
(PID) Process:
(1276) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
mtime
Value:
100
(PID) Process:
(3020) firefox.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:
write
Name:
C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:
(3020) firefox.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:
write
Name:
SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Executable files
86
Suspicious files
385
Text files
3 082
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\tutorial.gif
MD5:
SHA256:
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\config.json
Type:
binary
MD5:
07BE80C852D43079699113C9324BB578
SHA256:
49EA2CC9493FA469A4295A4ACD6146A269E24348D617675DFB365514BA3CC394
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\methods\empyrean.py
Type:
text
MD5:
68C486C90545F3D750A6600FCA3A9998
SHA256:
EA28F330301A9CBF0742C6AA3ABE503D7CF773A073FA8D693B0A390754F0E1B8
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\requirements.txt
Type:
text
MD5:
4E0914EA3584FEA2AA56CD7AF4B47E54
SHA256:
77A588A4A077A11BDC2437788FE890124E3A44651B178744BFCB36B9318EE956
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\.gitignore
Type:
text
MD5:
802DC1572376EB4D1272FA75FE6143E3
SHA256:
E724B3544B6A8A96E2484967183E22A434155463695B47AEA7EF8EC62F4AF4C8
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\utils\bin\fernflower.jar
Type:
compressed
MD5:
BE01DBC47A455DDDFC724D5EFE13B490
SHA256:
74B609647D74E4CE04E9BEEF230A7460E74DE03BF41703F961BBE704D4938B8F
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\README.md
Type:
text
MD5:
C36B38BCD14F5CB192CC68072E6D9441
SHA256:
84C01A52C699EDE570DE8A1F103A16D18DAD17B4F15EAB38EC1092EE3D47D09E
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\utils\bin\pycdc
Type:
binary
MD5:
DCA8A4F7D9A8A1571FF7878E4B7B83FA
SHA256:
F7DBC7F92B2660608E3F75301215148760C8D85669C3B1775A842A32CF35D9F4
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\utils\bin\pycdas.exe
Type:
executable
MD5:
C106613CF4FC594260CED59577936BFA
SHA256:
52370A2D59198239421954E1CB46284218D3C8BA70A1C161D2B5AB1CC7ED4D96
PID:
1276
Process:
WinRAR.exe
Filename:
C:\Users\admin\AppData\Local\Temp\Rar$DRa1276.1153\c\Grabbers-Deobfuscator-main\Grabbers-Deobfuscator-main\methods\ben.py
Type:
text
MD5:
04915DC08E2AA81160CF532B7D3F940B
SHA256:
C28E4FF38D046E64AF3D89D8DB3EBA4823B09B8223208929AFAE31D8C68DD6AE
HTTP(S) requests
68
TCP/UDP connections
162
DNS requests
179
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.185:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2104
svchost.exe
GET
200
23.48.23.185:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3020
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
3020
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
3020
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
whitelisted
3020
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
whitelisted
3020
firefox.exe
POST
200
172.217.16.195:80
http://o.pki.goog/s/wr3/cgo
unknown
whitelisted
3020
firefox.exe
POST
200
184.24.77.44:80
http://r11.o.lencr.org/
unknown
whitelisted
5024
backgroundTaskHost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.185:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.48.23.185:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
20.198.162.78:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
SG
whitelisted
6544
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.48.23.185
  • 23.48.23.192
  • 23.48.23.139
  • 23.48.23.140
  • 23.48.23.194
  • 23.48.23.141
  • 23.48.23.137
  • 23.48.23.188
  • 23.48.23.143
whitelisted
client.wns.windows.com
  • 20.198.162.78
whitelisted
login.live.com
  • 20.190.159.23
  • 20.190.159.68
  • 40.126.31.69
  • 20.190.159.71
  • 20.190.159.64
  • 20.190.159.130
  • 40.126.31.130
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
arc.msn.com
  • 20.74.47.205
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
No debug info