File name: Trojan.Win32.Gentee.a.exe

Full analysis: https://app.any.run/tasks/45357533-b417-40f0-8b77-ed8b894c609f
Verdict: Malicious activity
Analysis date: November 13, 2024, 22:18:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: 6CD3FF8858E8A695463722FFBC4A0788
SHA1: 5A292640313B7765AE4AFAECFD372100BF4E3BB4
SHA256: 6035AB6EA3D863EDC3F9351DD45E567BC7836F0755A46DD680811B7B27231E65
SSDEEP: 3072:IV3VHV4tkqwVQYGO0gxx4hksfh5132X+y/bSLDGMG:IV3VHV4j8MO0gxGkubGOQbSLDI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Disables the Find the Start menu

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Changes the autorun value in the registry

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Scans artifacts that could help determine the target

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
  • SUSPICIOUS

    • Creates file in the systems drive root

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Changes the desktop background image

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • The process verifies whether the antivirus software is installed

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Executable content was dropped or overwritten

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
      • xp.exe (PID: 7320)
    • Changes Internet Explorer settings (feature browser emulation)

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Modifies the phishing filter of IE

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Reads Internet Explorer settings

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Process changes security settings for the VBA macro

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • The process executes via Task Scheduler

      • PLUGScheduler.exe (PID: 1076)
      • PLUGScheduler.exe (PID: 3472)
  • INFO

    • Create files in a temporary directory

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Checks supported languages

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Reads the computer name

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Reads Microsoft Office registry keys

      • Trojan.Win32.Gentee.a.exe (PID: 7252)
    • Manual execution by a user

      • xp.exe (PID: 5516)
      • firefox.exe (PID: 7108)
      • msedge.exe (PID: 2700)
      • xp.exe (PID: 7320)
      • msedge.exe (PID: 5852)
      • xp.exe (PID: 712)
      • xp.exe (PID: 5660)
      • xp.exe (PID: 3496)
    • Application launched itself

      • firefox.exe (PID: 7108)
      • firefox.exe (PID: 7136)
      • msedge.exe (PID: 2700)
      • msedge.exe (PID: 7468)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.3)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2002:02:27 09:51:35+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 3
CodeSize: 2560
InitializedDataSize: 4608
UninitializedDataSize: -
EntryPoint: 0x1001
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 518
Monitored processes: 53
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start trojan.win32.gentee.a.exe plugscheduler.exe no specs xp.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs xp.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs xp.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs plugscheduler.exe no specs xp.exe no specs xp.exe no specs trojan.win32.gentee.a.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 424
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 36339 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d05ef96-89e7-4fa2-88fe-0b4a6788093f} 7136 "\\.\pipe\gecko-crash-server-pipe.7136" 1b8d6118710 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 652
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3244 --field-trial-handle=2304,i,17498461205828775695,5197990091507186426,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
PID: 712
CMD: "C:\xp.exe"
Path: C:\xp.exe
Parent process: runonce.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\xp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 1076
CMD: "C:\Program Files\RUXIM\PLUGscheduler.exe"
Path: C:\Program Files\RUXIM\PLUGScheduler.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Update LifeCycle Component Scheduler
Exit code:
0
Version:
10.0.19041.3623 (WinBuild.160101.0800)
Modules
Images
c:\program files\ruxim\plugscheduler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
PID: 1104
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3696 --field-trial-handle=2384,i,7795312774373985484,15018779341373127810,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1184
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5372 -prefsLen 31108 -prefMapSize 244343 -jsInitHandle 1524 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fcdc019-a63a-47cf-9f13-4d2bcbc19f1f} 7136 "\\.\pipe\gecko-crash-server-pipe.7136" 1b8d71f6150 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5280 --field-trial-handle=2304,i,17498461205828775695,5197990091507186426,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1336
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3340 --field-trial-handle=2304,i,17498461205828775695,5197990091507186426,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1340
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 5 -isForBrowser -prefsHandle 5492 -prefMapHandle 5632 -prefsLen 31108 -prefMapSize 244343 -jsInitHandle 1524 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {157ebd13-fb46-49bb-99ac-0cda0aae146c} 7136 "\\.\pipe\gecko-crash-server-pipe.7136" 1b8d71f64d0 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1700
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=2304,i,17498461205828775695,5197990091507186426,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 56 607
Read events: 36 971
Write events: 19 636
Delete events: 0

Modification events

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoSMHelp
Value: 1

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoRun
Value: 01

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoClose
Value: 01

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoLogOff
Value: 01

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoDrives
Value: 67108863

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation: write
Name: DisableRegistryTools
Value: 1

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoDesktop
Value: 1

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
Operation: write
Name: Disabled
Value: 1

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
Operation: write
Name: NoRealMode
Value: 1

Process: Trojan.Win32.Gentee.a.exe (PID: 7252)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Winlogon
Operation: write
Name: LegalNoticeCaption
Value: ★天魔降世 灭世从生★ (GBK-encoded string; it appears as the mojibake "¡ïÌìħ½µÊÀ ÃðÊÀ´ÓÉú¡ï" when the bytes are read as Latin-1)
Executable files: 28
Suspicious files: 861
Text files: 166
Unknown types: 5

Dropped files

PID | Process | Filename | Type
7252 | Trojan.Win32.Gentee.a.exe | C:\Users\admin\AppData\Local\Temp\ginst0.dll | executable
MD5: B2736E243082F430D981DBE1D395458A
SHA256: 00E55F021A482C54E387A2C5357822ABE873067FA1477B5A0D1B158BD07FB416
7252 | Trojan.Win32.Gentee.a.exe | C:\Windows\wininit.ini | text
MD5: 066909F6C6DDFEB7E77D6A0D816B7955
SHA256: A20A3517B458C3E44B6FA84C7DD487ABB9CFFD9BB6BD686880843DD58BBD4E62
7252 | Trojan.Win32.Gentee.a.exe | C:\Windows\xp.exe | executable
MD5: 4FA29A1AD0744D79CDD485B6EC7E76CF
SHA256: 73FA95BB57B65F911397B6984A0B0176E565CEA94B76A4DB3056277DD74E0C7F
7252 | Trojan.Win32.Gentee.a.exe | C:\Windows\winnt\xp.exe | executable
MD5: 4FA29A1AD0744D79CDD485B6EC7E76CF
SHA256: 73FA95BB57B65F911397B6984A0B0176E565CEA94B76A4DB3056277DD74E0C7F
1076 | PLUGScheduler.exe | C:\ProgramData\PLUG\Logs\RUXIMLog.026.etl | etl
MD5: FED961067F664B5381B65A534B7AB728
SHA256: 652F31A8284AE812D1D9D24192BC800976BF74C240591C6AC443A28C4709FB7C
1076 | PLUGScheduler.exe | C:\ProgramData\PLUG\Logs\RUXIMLog.024.etl | etl
MD5: 89BD161BF7B46C9078937CF832786737
SHA256: 2B83DF5532E9F54ED301C8F82E2CDD489799C8D5222A2D44C97DCB151A96FAA9
1076 | PLUGScheduler.exe | C:\ProgramData\PLUG\Logs\RUXIMLog.023.etl | etl
MD5: B53B2070E686FFB1FBC8B06994E7C8D7
SHA256: A3ABD06F4E40CB700B1908AB6BCD2E27455E13EF076E0BF2345BB2FA369EF802
1076 | PLUGScheduler.exe | C:\ProgramData\PLUG\Logs\RUXIMLog.028.etl | etl
MD5: 5EA68411BF8E9EAF4621BAF73F61449E
SHA256: 9D4CA5A1D871F819C139A498BB910A63576C2FE6367853544F8D172D8B6EBFF7
7252 | Trojan.Win32.Gentee.a.exe | C:\xp.exe | executable
MD5: 4FA29A1AD0744D79CDD485B6EC7E76CF
SHA256: 73FA95BB57B65F911397B6984A0B0176E565CEA94B76A4DB3056277DD74E0C7F
7252 | Trojan.Win32.Gentee.a.exe | C:\winnt\xp.exe | executable
MD5: 4FA29A1AD0744D79CDD485B6EC7E76CF
SHA256: 73FA95BB57B65F911397B6984A0B0176E565CEA94B76A4DB3056277DD74E0C7F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 24
TCP/UDP connections: 191
DNS requests: 217
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.24.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.24.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7604
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7604
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6848
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7136
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
184.24.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
239.255.255.250:1900
whitelisted
104.126.37.155:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
5740
svchost.exe
20.190.159.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
23.213.166.81:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 184.24.77.6
  • 184.24.77.35
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
whitelisted
go.microsoft.com
  • 23.213.166.81
  • 23.35.238.131
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
th.bing.com
whitelisted

Threats

PID | Process | Class | Message
5876
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
5876
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
5876
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
5876
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
No debug info