File name: SkrinshoterSetup_v3.11.4.30.exe

Full analysis: https://app.any.run/tasks/f8fc3626-8f16-4907-95e1-d59f3f72e1ab
Verdict: Malicious activity
Analysis date: July 16, 2024, 07:02:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 061BA6DA7357850CA194496766009F59
SHA1: B31CDF2C231212C3C76C1E2616C1D04F44D89118
SHA256: 60C4175E18ABF22D705D855ABB6F16E08B80B9FB829A08589B9E4BA750C47349
SSDEEP: 98304:4ReixlxDNWWrO072PIrvnLNwKKEfFdnAELIoJcYDEZ01mPwd47m8Eqdg5UMAIL62:wUpK+4z

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by the analyst's own actions and is provided as-is for the reader's information. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3384)
      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
    • Changes the autorun value in the registry

      • Skrinshoter.exe (PID: 3116)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3384)
      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
    • Application launched itself

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3384)
    • The process creates files with name similar to system file names

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
    • Malware-specific behavior (creating "System.dll" in Temp). Caveat: the nsh20A0.tmp directory name and a System.dll inside it match the NSIS installer framework and its System plugin, which legitimate NSIS-built installers also extract to Temp, so on its own this signature is weak evidence.

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
    • Creates a software uninstall entry

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
    • Reads the Internet Settings

      • LauncherSRF.exe (PID: 3428)
      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
      • Skrinshoter.exe (PID: 3116)
    • Reads Internet Explorer settings

      • Skrinshoter.exe (PID: 3116)
    • Reads security settings of Internet Explorer

      • LauncherSRF.exe (PID: 3428)
      • Skrinshoter.exe (PID: 3116)
    • Reads Microsoft Outlook installation path

      • Skrinshoter.exe (PID: 3116)
  • INFO

    • Reads the computer name

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3384)
      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
      • LauncherSRF.exe (PID: 3428)
      • curl.exe (PID: 2480)
      • Skrinshoter.exe (PID: 3116)
    • Checks supported languages

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3384)
      • LauncherSRF.exe (PID: 3428)
      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
      • LauncherSRF.exe (PID: 2428)
      • Skrinshoter.exe (PID: 3116)
      • curl.exe (PID: 2480)
    • Create files in a temporary directory

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3384)
      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
    • Creates files in the program directory

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
      • Skrinshoter.exe (PID: 3116)
    • Reads the machine GUID from the registry

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
      • curl.exe (PID: 2480)
      • Skrinshoter.exe (PID: 3116)
    • Creates files or folders in the user directory

      • SkrinshoterSetup_v3.11.4.30.exe (PID: 3528)
      • Skrinshoter.exe (PID: 3116)
    • Application launched itself

      • msedge.exe (PID: 524)
      • msedge.exe (PID: 4044)
    • Manual execution by a user

      • msedge.exe (PID: 4044)
    • Checks proxy server information

      • Skrinshoter.exe (PID: 3116)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:02:24 19:19:54+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 28160
InitializedDataSize: 445952
UninitializedDataSize: 16896
EntryPoint: 0x3883
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 76
Monitored processes: 30
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Monitored process nodes in the order the graph lists them ("no specs" marks a node for which the report collected no details): skrinshotersetup_v3.11.4.30.exe, launchersrf.exe (no specs), skrinshotersetup_v3.11.4.30.exe, launchersrf.exe (no specs), skrinshoter.exe (no specs), skrinshoter.exe, 13 msedge.exe nodes (2 with details), curl.exe, 10 further msedge.exe nodes (no specs).

Process information

Each entry lists PID, command line, image path and parent process, then user, company, integrity level, exit code (where the process had exited), version and the loaded modules.
PID: 524
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://скриншотер.рф/spasibo?key={714C467C-5B02-4E29-A08D-719E89FEE9DA}
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: SkrinshoterSetup_v3.11.4.30.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 1
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 656
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1316,i,1532465792633482627,912743421932870027,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1132
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3128 --field-trial-handle=1316,i,1532465792633482627,912743421932870027,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1144
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1328 --field-trial-handle=1344,i,15738766431067701949,1979636341199771866,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1264
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6a4bf598,0x6a4bf5a8,0x6a4bf5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1316,i,1532465792633482627,912743421932870027,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2036
CMD: "C:\Program Files\Skrinshoter\skrinshoter.exe"
Path: C:\Program Files\Skrinshoter\Skrinshoter.exe
Parent process: LauncherSRF.exe
User: admin
Company: Скриншотер.РФ
Integrity Level: MEDIUM
Description: skrinshoter
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the process was created without the elevation it requires and exited with only ntdll.dll mapped; a second Skrinshoter.exe instance, PID 3116, ran normally)
Version: 3.11.4.30
Modules
Images
c:\program files\skrinshoter\skrinshoter.exe
c:\windows\system32\ntdll.dll
PID: 2252
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4560 --field-trial-handle=1316,i,1532465792633482627,912743421932870027,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2416
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3788 --field-trial-handle=1316,i,1532465792633482627,912743421932870027,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2428
CMD: C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\LauncherSRF.exe "C:\Program Files\Skrinshoter\skrinshoter.exe"
Path: C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\LauncherSRF.exe
Parent process: SkrinshoterSetup_v3.11.4.30.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\nsh20a0.tmp\launchersrf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 17 704
Read events: 17 600
Write events: 91
Delete events: 13

Modification events

PID 3528 (SkrinshoterSetup_v3.11.4.30.exe), key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  delete value Skrinshoter

PID 3528 (SkrinshoterSetup_v3.11.4.30.exe), key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Скриншотер
  write DisplayName = Скриншотер
  write UninstallString = C:\Program Files\Skrinshoter\Удаление (Uninstall).exe
  write DisplayIcon = C:\Program Files\Skrinshoter\skrinshoter.rf.ico
  write Publisher = Online Center ltd

PID 3528 (SkrinshoterSetup_v3.11.4.30.exe), key HKEY_CLASSES_ROOT\*\shell\SkrinshoterRF
  write Icon = C:\Program Files\Skrinshoter\Skrinshoter.exe

PID 3428 (LauncherSRF.exe), key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  write ProxyBypass = 1
  write IntranetName = 1
  write UNCAsIntranet = 1
  write AutoDetect = 0
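The behaviour signatures listed at the top of this report (dropping an executable right after start, launching its own image, the Run-key change, the uninstall entry, System.dll in Temp) are simple rules over a process/file/registry event stream. The script below is an added example, not ANY.RUN's detection engine: it replays a constructed event stream built from the PIDs, paths and registry keys shown in this report and re-derives those signatures. The timestamps, the 10-second "immediately after start" window, the parent of PID 3116 and the exact Run value that 3116 writes are assumptions and are marked as such in the code.

```python
"""Re-derive the report's behaviour signatures from a sandbox-style event stream.
Added example; the event list is constructed from this report, not captured."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

DROP_WINDOW_SECONDS = 10.0   # meaning of "immediately after the start"; assumed threshold
EXEC_EXT = {".exe", ".dll", ".sys", ".scr"}


@dataclass(frozen=True)
class Event:
    t: float               # seconds since sandbox start (assumed values)
    pid: int
    image: str             # image name of the acting process
    kind: str              # "start" | "file_write" | "reg_write" | "reg_delete"
    target: str = ""       # file path or registry key
    name: str = ""         # registry value name
    parent_pid: int = 0    # for "start" events
    parent_image: str = ""


SETUP = "SkrinshoterSetup_v3.11.4.30.exe"
TMP1 = r"C:\Users\admin\AppData\Local\Temp\nsiE349.tmp"   # 3384's NSIS temp dir
TMP2 = r"C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp"   # 3528's NSIS temp dir
UNINST = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Скриншотер"

EVENTS = [  # constructed from the report; timestamps assumed
    Event(0.0, 3384, SETUP, "start"),
    Event(1.0, 3384, SETUP, "file_write", TMP1 + r"\LauncherSRF.exe"),
    Event(1.2, 3384, SETUP, "file_write", TMP1 + r"\downloader.exe"),
    Event(2.0, 3528, SETUP, "start", parent_pid=3384, parent_image=SETUP),
    Event(2.5, 3528, SETUP, "file_write", TMP2 + r"\System.dll"),
    Event(2.6, 3528, SETUP, "file_write", TMP2 + r"\downloader.exe"),
    Event(3.0, 3528, SETUP, "file_write", r"C:\Windows\yandexbarpage2.ini"),
    Event(4.0, 3528, SETUP, "reg_delete",
          r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", name="Skrinshoter"),
    Event(4.1, 3528, SETUP, "reg_write", UNINST, name="DisplayName"),
    Event(4.2, 3528, SETUP, "reg_write", UNINST, name="UninstallString"),
    Event(5.0, 2428, "LauncherSRF.exe", "start", parent_pid=3528, parent_image=SETUP),
    # The report does not show 3116's parent; LauncherSRF.exe (PID 3428) is assumed.
    Event(6.0, 3116, "Skrinshoter.exe", "start", parent_pid=3428, parent_image="LauncherSRF.exe"),
    # The report says 3116 changes an autorun value but not which one; HKCU\...\Run is assumed.
    Event(6.5, 3116, "Skrinshoter.exe", "reg_write",
          r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", name="Skrinshoter"),
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run$", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def evaluate(events):
    """Return {signature name: sorted PIDs} using the report's own signature names."""
    hits = defaultdict(set)
    start_time = {e.pid: e.t for e in events if e.kind == "start"}
    for e in events:
        if e.kind == "start":
            # credited to the parent, as the report does for 3384
            if e.parent_image and e.parent_image.lower() == e.image.lower():
                hits["Application launched itself"].add(e.parent_pid)
        elif e.kind == "file_write":
            base = ntpath.basename(e.target)
            ext = ntpath.splitext(base)[1].lower()
            if ext in EXEC_EXT and e.t - start_time.get(e.pid, 0.0) <= DROP_WINDOW_SECONDS:
                hits["Drops the executable file immediately after the start"].add(e.pid)
            if base.lower() == "system.dll" and TEMP_DIR.search(e.target):
                hits['Malware-specific behavior (creating "System.dll" in Temp)'].add(e.pid)
        elif e.kind == "reg_write":
            if RUN_KEY.search(e.target):
                hits["Changes the autorun value in the registry"].add(e.pid)
            if UNINSTALL_KEY.search(e.target):
                hits["Creates a software uninstall entry"].add(e.pid)
        # reg_delete of a Run value is deliberately not counted: the report's autorun
        # signature fired only for the write by 3116, not for the installer's delete.
    return {sig: sorted(pids) for sig, pids in hits.items()}


if __name__ == "__main__":
    for sig, pids in evaluate(EVENTS).items():
        print(f"{sig}: {pids}")
```

Run stand-alone it prints one line per signature with the PIDs it attributes, matching the MALICIOUS and SUSPICIOUS entries above. Note that the same logic fires on any NSIS-built installer that registers an uninstall entry and a Run value; the signatures describe installer behaviour, and the verdict rests on what is installed, not on these rules alone.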
Executable files: 21
Suspicious files: 122
Text files: 44
Unknown types: 2

Dropped files

PID 3528 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\System.dll (executable)
  MD5: BF712F32249029466FA86756F5546950
  SHA256: 7851CB12FA4131F1FEE5DE390D650EF65CAC561279F1CFE70AD16CC9780210AF
PID 3528 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\skrinshoter.rf.logo.ico (image)
  MD5: 70EA1102899C21AD2F26241CC0491CBC
  SHA256: 03A292E94764159ED5F4562B7DE908763C66C047E68D46EC3A28450264954C68
PID 3528 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Windows\yandexbarpage2.ini (text)
  MD5: EACC1533CBBB7B20EB998D36F06C878F
  SHA256: 017F867DA97FEB5E87310E87FE3BF35FEA1A513523D4D370ED44CABC4A54FC67
PID 3528 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\logo_Yandex_RU_UA_vertical.ico (image)
  MD5: A8C1505AB92AA6C40999984BD88B4C42
  SHA256: 5C833846B1205E4ACD2F53C513E7526B99C1950F608C71A943C98BC385ACD32B
PID 3528 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\yandexbrowsersetup.ico (image)
  MD5: 6839E8022C8C1104081348D0510DB061
  SHA256: F366E0FC45225F7858154D0C91AADE7868133E45EB2F829ABC647BE3376FC8FF
PID 3528 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\downloader.exe (executable)
  MD5: 70FE52D099713FD74B6AC07CC5C9703B
  SHA256: 304318534E2D5D671D90185CFF006716FFE488B3607F11D73CAEA2B58AA759D9
PID 3384 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\LauncherSRF.exe (executable)
  MD5: 439682E20CD3B52B73127888772892E9
  SHA256: 1DB6F336EAC2947E467243AC4F7B87CD5DE253939351E6476653A10365A69848
PID 3384 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\logo_Yandex_RU_UA_vertical.ico (image)
  MD5: A8C1505AB92AA6C40999984BD88B4C42
  SHA256: 5C833846B1205E4ACD2F53C513E7526B99C1950F608C71A943C98BC385ACD32B
PID 3384 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\yandexbrowsersetup.ico (image)
  MD5: 6839E8022C8C1104081348D0510DB061
  SHA256: F366E0FC45225F7858154D0C91AADE7868133E45EB2F829ABC647BE3376FC8FF
PID 3384 (SkrinshoterSetup_v3.11.4.30.exe) wrote C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\downloader.exe (executable)
  MD5: 70FE52D099713FD74B6AC07CC5C9703B
  SHA256: 304318534E2D5D671D90185CFF006716FFE488B3607F11D73CAEA2B58AA759D9
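The two installer instances (3384 and the re-launched 3528) each extract into their own NSIS temp directory, so the same artifact appears twice under different paths; the names logo_Yandex_RU_UA_vertical.ico, yandexbrowsersetup.ico and downloader.exe suggest a bundled third-party offer, and one file is written outside the user profile, into C:\Windows. The script below is an added example, not ANY.RUN output: it takes the dropped-file records above (copied from this report), groups them by SHA-256 and pulls out the three things an analyst collects from such a list: executables dropped under Temp, writes outside the user profile, and artifacts shared between processes.

```python
"""Triage a sandbox dropped-file list: dedupe by hash, flag what to collect.
Added example; the records are copied from this report's "Dropped files" table."""
import ntpath
from collections import defaultdict

# (pid, path, type, sha256) as listed in the report
DROPPED = [
    (3528, r"C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\System.dll", "executable",
     "7851CB12FA4131F1FEE5DE390D650EF65CAC561279F1CFE70AD16CC9780210AF"),
    (3528, r"C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\skrinshoter.rf.logo.ico", "image",
     "03A292E94764159ED5F4562B7DE908763C66C047E68D46EC3A28450264954C68"),
    (3528, r"C:\Windows\yandexbarpage2.ini", "text",
     "017F867DA97FEB5E87310E87FE3BF35FEA1A513523D4D370ED44CABC4A54FC67"),
    (3528, r"C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\logo_Yandex_RU_UA_vertical.ico", "image",
     "5C833846B1205E4ACD2F53C513E7526B99C1950F608C71A943C98BC385ACD32B"),
    (3528, r"C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\yandexbrowsersetup.ico", "image",
     "F366E0FC45225F7858154D0C91AADE7868133E45EB2F829ABC647BE3376FC8FF"),
    (3528, r"C:\Users\admin\AppData\Local\Temp\nsh20A0.tmp\downloader.exe", "executable",
     "304318534E2D5D671D90185CFF006716FFE488B3607F11D73CAEA2B58AA759D9"),
    (3384, r"C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\LauncherSRF.exe", "executable",
     "1DB6F336EAC2947E467243AC4F7B87CD5DE253939351E6476653A10365A69848"),
    (3384, r"C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\logo_Yandex_RU_UA_vertical.ico", "image",
     "5C833846B1205E4ACD2F53C513E7526B99C1950F608C71A943C98BC385ACD32B"),
    (3384, r"C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\yandexbrowsersetup.ico", "image",
     "F366E0FC45225F7858154D0C91AADE7868133E45EB2F829ABC647BE3376FC8FF"),
    (3384, r"C:\Users\admin\AppData\Local\Temp\nsiE349.tmp\downloader.exe", "executable",
     "304318534E2D5D671D90185CFF006716FFE488B3607F11D73CAEA2B58AA759D9"),
]

USER_PROFILE_PREFIX = "c:\\users\\"   # everything else counts as outside the profile


def group_by_hash(records):
    """sha256 -> sorted (pid, path) list; one key per distinct artifact."""
    groups = defaultdict(list)
    for pid, path, _ftype, sha in records:
        groups[sha].append((pid, path))
    return {sha: sorted(entries) for sha, entries in groups.items()}


def triage(records):
    """Executables dropped under Temp, writes outside the user profile, and
    hashes written by more than one PID (same content, different temp dirs)."""
    temp_executables, outside_profile = [], []
    for pid, path, ftype, sha in records:
        low = path.lower()
        if ftype == "executable" and "\\temp\\" in low:
            temp_executables.append((pid, ntpath.basename(path), sha[:12]))
        if not low.startswith(USER_PROFILE_PREFIX):
            outside_profile.append((pid, path))
    shared = {sha: sorted({pid for pid, _ in entries})
              for sha, entries in group_by_hash(records).items()
              if len({pid for pid, _ in entries}) > 1}
    return {"temp_executables": temp_executables,
            "outside_profile": outside_profile,
            "shared_by_pids": shared}


if __name__ == "__main__":
    result = triage(DROPPED)
    print(f"{len(group_by_hash(DROPPED))} distinct artifacts")
    for key, value in result.items():
        print(key, value)
```

Grouping by hash first is what keeps the IOC list honest: the ten records collapse to seven distinct artifacts, three of which were written by both installer PIDs, and the single write outside the profile (C:\Windows\yandexbarpage2.ini) stands out as the one that needed the installer's elevated token.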
HTTP(S) requests: 8
TCP/UDP connections: 56
DNS requests: 60
Threats: 1

HTTP requests (PID and process | method and HTTP code | server IP:port | URL | country | reputation; the report's Type and Size columns were empty)

1372 svchost.exe | GET 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | whitelisted
3116 Skrinshoter.exe | GET 301 | 92.223.103.122:80 | http://skrinshoter.ru/sync.php?appid={31E1C128-0204-44BE-94AD-D101F8D81C49}&ts=1721113398 | unknown | whitelisted
1060 svchost.exe | GET 304 | 23.53.40.49:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8f69642324cc87bd | unknown | whitelisted
1372 svchost.exe | GET 200 | 23.53.40.176:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
3640 msedge.exe | GET 301 | 92.223.103.122:80 | http://xn--e1affnfjebo2d.xn--p1ai/spasibo?key={714C467C-5B02-4E29-A08D-719E89FEE9DA} (punycode form of скриншотер.рф, the host in PID 524's command line) | unknown | malicious
4044 msedge.exe | GET 200 | 23.53.40.49:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?bb699b5d77c8b06f | unknown | whitelisted
3116 Skrinshoter.exe | GET 301 | 92.223.103.122:80 | http://skrinshoter.ru/actver.php?1721113397 | unknown | whitelisted
1372 svchost.exe | GET 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
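The same host appears in two spellings on this page: as the Unicode domain скриншотер.рф in the msedge.exe command line and as the A-label xn--e1affnfjebo2d.xn--p1ai in the captured request, and the DNS section rates the punycode form malicious while skrinshoter.ru (same IP, 92.223.103.122) is whitelisted. Matching IOCs across logs therefore needs one canonical form. The script below is an added example, not part of the report: it normalises the hosts with the standard library's IDNA codec, checks that the Edge URL and the HTTP-log URL are the same host, and extracts the identifying parameters of the Skrinshoter.exe sync.php/actver.php requests (the GUID-shaped appid and the Unix-epoch timestamps). The URLs are copied from this report; the GUID/epoch heuristics in describe() are this example's, and no network access is made.

```python
"""Normalise IDN hosts from a sandbox report and pull pivot values from beacon URLs.
Added example; URLs are copied from this report, nothing is fetched."""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Unicode host from the msedge.exe command line (PID 524)
EDGE_URL = "http://скриншотер.рф/spasibo?key={714C467C-5B02-4E29-A08D-719E89FEE9DA}"
# A-label hosts from the HTTP request log
HTTP_URLS = [
    "http://xn--e1affnfjebo2d.xn--p1ai/spasibo?key={714C467C-5B02-4E29-A08D-719E89FEE9DA}",
    "http://skrinshoter.ru/sync.php?appid={31E1C128-0204-44BE-94AD-D101F8D81C49}&ts=1721113398",
    "http://skrinshoter.ru/actver.php?1721113397",
]


def to_unicode_host(host):
    """A-label (xn--...) to U-label; a host that is already Unicode passes through."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeEncodeError:      # contains non-ASCII, so it is already a U-label
        return host


def to_ascii_host(host):
    """U-label to A-label, the form that appears in DNS logs and pcaps."""
    return host.encode("idna").decode("ascii")


def same_host(url_a, url_b):
    """True when both URLs name the same host regardless of IDN spelling."""
    return to_ascii_host(urlsplit(url_a).hostname) == to_ascii_host(urlsplit(url_b).hostname)


def describe(url):
    """Host in both forms, path, and the query values worth pivoting on:
    brace-wrapped GUIDs and 10-digit values read as Unix-epoch seconds (heuristic)."""
    parts = urlsplit(url)
    host_u = to_unicode_host(parts.hostname)
    info = {"host_unicode": host_u, "host_ascii": to_ascii_host(host_u),
            "path": parts.path, "guids": [], "timestamps": {}}
    # actver.php?1721113397 has a bare query with no key=value pair
    query = parse_qs(parts.query) if "=" in parts.query else {"": [parts.query]}
    for key, values in query.items():
        for v in values:
            if len(v) == 38 and v.startswith("{") and v.endswith("}"):
                info["guids"].append(v.strip("{}"))
            elif v.isdigit() and len(v) == 10:
                when = datetime.fromtimestamp(int(v), tz=timezone.utc)
                info["timestamps"][key or "bare"] = when.isoformat()
    return info


def iocs(urls):
    """Sorted, deduplicated A-label host list for blocking or hunting."""
    return sorted({to_ascii_host(urlsplit(u).hostname) for u in urls})


if __name__ == "__main__":
    print("Edge URL and HTTP log hit the same host:", same_host(EDGE_URL, HTTP_URLS[0]))
    for u in HTTP_URLS:
        print(describe(u))
    print("hosts:", iocs(HTTP_URLS + [EDGE_URL]))
```

The decoded timestamps (07:03:17 and 07:03:18 UTC on 2024-07-16) fall within a minute of the report's analysis time, which is what a client-generated Unix timestamp in a version-check or sync beacon looks like; the appid GUID is the per-installation value to pivot on when hunting for other hosts that contacted skrinshoter.ru.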

Connections (PID and process | remote IP:port | domain | ASN | country | reputation; 10 of the 56 connections are listed)

(PID not shown) | 224.0.0.252:5355 | whitelisted
4 System | 192.168.100.255:137 | whitelisted
2564 svchost.exe | 239.255.255.250:3702 | whitelisted
1372 svchost.exe | 4.231.128.59:443 | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1060 svchost.exe | 224.0.0.252:5355 | whitelisted
4 System | 192.168.100.255:138 | whitelisted
1372 svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1372 svchost.exe | 199.232.210.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown
1372 svchost.exe | 23.53.40.176:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1372 svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
ctldl.windowsupdate.com
  • 199.232.210.172
  • 199.232.214.172
  • 23.53.40.49
  • 23.53.40.35
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
xn--e1affnfjebo2d.xn--p1ai
  • 92.223.103.122
malicious
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
skrinshoter.ru
  • 92.223.103.122
whitelisted
fonts.googleapis.com
  • 172.217.23.106
whitelisted

Threats

3640 msedge.exe | Class: Not Suspicious Traffic | Message: INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
No debug info