File name:

SecuriteInfo.com.FileRepMalware.19700.19972.exe

Full analysis: https://app.any.run/tasks/80eaaacf-640b-4a02-acfe-5e456f6741bb
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: May 31, 2025, 08:42:05
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

B881C1AE480D83792DB272B86228B31B

SHA1:

20E7750D565B594FEAC515C1F1EACFAD909952FD

SHA256:

63E4672213292DDFB0F3ADD141B51D176F520FE5D507BCBBCC80959F1A9005B0

SSDEEP:

49152:1aMFtTHM3jhuTa4qNL+LIGn4yAvzrPz/vImp:WOLqNL9zjz/vImp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Scans artifacts that could help determine the target

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Actions looks like stealing of personal data

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Steals credentials from Web Browsers

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

  • SUSPICIOUS

    • Starts application with an unusual extension

      • cmd.exe (PID: 2772)

    • Uses NETSH.EXE to obtain data on the network

      • cmd.exe (PID: 2772)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 2772)

    • Get information on the list of running processes

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • cmd.exe (PID: 6700)

    • Starts CMD.EXE for commands execution

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Executable content was dropped or overwritten

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • xaitx.exe (PID: 2268)

    • Checks for external IP

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • svchost.exe (PID: 2196)

    • Multiple wallet extension IDs have been found

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Searches for installed software

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

  • INFO

    • Create files in a temporary directory

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • xaitx.exe (PID: 4272)
      • xaitx.exe (PID: 2268)

    • Checks supported languages

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • chcp.com (PID: 5124)
      • xaitx.exe (PID: 2268)
      • identity_helper.exe (PID: 5392)
      • xaitx.exe (PID: 4272)
      • elevation_service.exe (PID: 7324)

    • Reads the computer name

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • elevation_service.exe (PID: 7324)
      • identity_helper.exe (PID: 5392)

    • Reads Microsoft Office registry keys

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Reads the machine GUID from the registry

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Reads Environment values

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • identity_helper.exe (PID: 5392)

    • Disables trace logs

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)

    • Checks proxy server information

      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
      • slui.exe (PID: 8016)

    • Changes the display of characters in the console

      • cmd.exe (PID: 2772)

    • Application launched itself

      • chrome.exe (PID: 8072)
      • msedge.exe (PID: 7320)

    • Executes as Windows Service

      • elevation_service.exe (PID: 7324)

    • Manual execution by a user

      • msedge.exe (PID: 8752)

    • Reads the software policy settings

      • slui.exe (PID: 8016)
      • SecuriteInfo.com.FileRepMalware.19700.19972.exe (PID: 7152)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2053:10:14 19:02:33+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 806912
InitializedDataSize: 288256
UninitializedDataSize: -
EntryPoint: 0xc6eee
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 893.731.607.400
ProductVersionNumber: 533.839.613.166
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: CalculatorFoe
FileDescription: ToolkitEnergy
FileVersion: 893.731.607.400
InternalName: SilentClickStealer.exe
LegalCopyright: QueuePathfinder
LegalTrademarks: BuilderShield
OriginalFileName: EngineGame.exe
ProductName: ResolverNPC
ProductVersion: 533.839.613.166
AssemblyVersion: 533.839.613.166
PublicName: ValidatorUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
205
Monitored processes
83
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start securiteinfo.com.filerepmalware.19700.19972.exe cmd.exe no specs conhost.exe no specs chcp.com no specs netsh.exe no specs findstr.exe no specs svchost.exe cmd.exe no specs conhost.exe no specs tasklist.exe no specs xaitx.exe conhost.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe slui.exe chrome.exe no specs xaitx.exe no specs conhost.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs elevation_service.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
236"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3588 --field-trial-handle=2344,i,9936168240334237562,3213059373781693389,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
404"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5140 --field-trial-handle=2344,i,9936168240334237562,3213059373781693389,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
644"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4928 --field-trial-handle=2344,i,9936168240334237562,3213059373781693389,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1128"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2756 --field-trial-handle=2344,i,9936168240334237562,3213059373781693389,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1196\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1268netsh wlan show profiles C:\Windows\System32\netsh.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1760"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5504 --field-trial-handle=2344,i,9936168240334237562,3213059373781693389,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2240"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=7108 --field-trial-handle=2344,i,9936168240334237562,3213059373781693389,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2268"C:\Users\admin\AppData\Local\Temp\xaitx.exe" chrome --start-browserC:\Users\admin\AppData\Local\Temp\xaitx.exe
SecuriteInfo.com.FileRepMalware.19700.19972.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\xaitx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
20 756
Read events
20 720
Write events
36
Delete events
0

Modification events

(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(7152) SecuriteInfo.com.FileRepMalware.19700.19972.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SecuriteInfo_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
21
Suspicious files
363
Text files
31
Unknown types
1

Dropped files

PID
Process
Filename
Type
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF120caa.TMP
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF120caa.TMP
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF120caa.TMP
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF120cba.TMP
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF120cc9.TMP
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF120cc9.TMP
MD5:
SHA256:
8072chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
132
TCP/UDP connections
102
DNS requests
81
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
142.250.186.132:443
https://www.google.com/async/newtab_promos
unknown
text
29 b
whitelisted
GET
200
142.250.186.132:443
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
unknown
binary
127 Kb
whitelisted
GET
142.250.186.132:443
https://www.google.com/async/ddljson?async=ntp:2
unknown
GET
200
142.250.186.132:443
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
unknown
text
7.04 Kb
whitelisted
POST
200
173.194.76.84:443
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
unknown
text
17 b
whitelisted
GET
200
142.250.181.227:443
https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=122
unknown
compressed
98.1 Kb
whitelisted
8032
RUXIMICS.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7152
SecuriteInfo.com.FileRepMalware.19700.19972.exe
GET
200
104.16.184.241:80
http://icanhazip.com/
unknown
whitelisted
8032
RUXIMICS.exe
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
304
172.217.16.131:443
https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
8032
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
7152
SecuriteInfo.com.FileRepMalware.19700.19972.exe
104.16.184.241:80
icanhazip.com
CLOUDFLARENET
whitelisted
8032
RUXIMICS.exe
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
8032
RUXIMICS.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
8072
chrome.exe
239.255.255.250:1900
whitelisted
5608
chrome.exe
172.217.23.99:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
5608
chrome.exe
108.177.15.84:443
accounts.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.110
whitelisted
icanhazip.com
  • 104.16.184.241
  • 104.16.185.241
whitelisted
crl.microsoft.com
  • 2.20.245.139
  • 2.20.245.137
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
clientservices.googleapis.com
  • 172.217.23.99
whitelisted
accounts.google.com
  • 108.177.15.84
whitelisted
www.google.com
  • 142.250.184.196
whitelisted
www.gstatic.com
  • 172.217.18.3
whitelisted
ogads-pa.clients6.google.com
  • 142.250.185.234
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com)
7152
SecuriteInfo.com.FileRepMalware.19700.19972.exe
Attempted Information Leak
ET INFO IP Check Domain (icanhazip. com in HTTP Host)
7152
SecuriteInfo.com.FileRepMalware.19700.19972.exe
Device Retrieving External IP Address Detected
SUSPICIOUS [ANY.RUN] An IP address was received from the server as a result of an HTTP request
Potential Corporate Privacy Violation
POLICY [ANY.RUN] Sending Screenshot in Archive via POST Request
A Network Trojan was detected
ET HUNTING Observed Malicious Filename in Outbound POST Request (Information.txt)
Misc activity
SUSPICIOUS [ANY.RUN] Sent Host Name in HTTP POST Body
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SecuriteInfo.com.FileRepMalware.19700.19972.exe