File name:

CS-GO.exe

Full analysis: https://app.any.run/tasks/0b74ff05-1dfe-4134-af3b-3b60c2947be1
Verdict: Malicious activity
Analysis date: May 03, 2024, 23:42:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

32FFCC78A1C7DB4F24F24694FB97B443

SHA1:

8EF86F8125C52EEE7C30408CCEC68D6E6E6F8125

SHA256:

6D19FFACB8D29C8CBDD8AE684A3F965036603D3DC27166A277D8E3D2AD25AE8B

SSDEEP:

6144:zY34UPUb/VltGERMgCskoAYfYrSMhLcfv6npVS4ESMTpP5nRb7tnjbPnXDZyjg1b:XUPZWkvY3t6pVSBSSojQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • CS-GO.exe (PID: 3972)

  • SUSPICIOUS

    • Reads the Internet Settings

      • CS-GO.exe (PID: 3972)
      • cmd.exe (PID: 4088)

    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 4088)

    • Starts CMD.EXE for commands execution

      • CS-GO.exe (PID: 3972)

    • Reads security settings of Internet Explorer

      • CS-GO.exe (PID: 3972)

    • Executing commands from a ".bat" file

      • CS-GO.exe (PID: 3972)

    • Reads Microsoft Outlook installation path

      • CS-GO.exe (PID: 3972)

    • Reads Internet Explorer settings

      • CS-GO.exe (PID: 3972)

    • Uses RUNDLL32.EXE to load library

      • CS-GO.exe (PID: 3972)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 2108)
      • msedge.exe (PID: 2592)
      • msedge.exe (PID: 2776)
      • chrome.exe (PID: 2988)

    • Reads the computer name

      • wmpnscfg.exe (PID: 2664)
      • CS-GO.exe (PID: 3972)

    • Checks supported languages

      • wmpnscfg.exe (PID: 2664)
      • CS-GO.exe (PID: 3972)

    • Checks proxy server information

      • CS-GO.exe (PID: 3972)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2664)
      • chrome.exe (PID: 2988)

    • Reads the machine GUID from the registry

      • CS-GO.exe (PID: 3972)

    • Create files in a temporary directory

      • CS-GO.exe (PID: 3972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:12:01 08:08:28+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 100352
InitializedDataSize: 87040
UninitializedDataSize: -
EntryPoint: 0x108af
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
121
Monitored processes
88
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start cs-go.exe no specs rundll32.exe no specs cmd.exe no specs msedge.exe timeout.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
524"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1344 --field-trial-handle=1316,i,12834824950350745611,12552987104487743788,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
600"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3968 --field-trial-handle=1316,i,12834824950350745611,12552987104487743788,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
752"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1328,i,17880605505833655411,1556021900012458509,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
860"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1328,i,17880605505833655411,1556021900012458509,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
956"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2720 --field-trial-handle=1328,i,17880605505833655411,1556021900012458509,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
960"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4296 --field-trial-handle=1328,i,17880605505833655411,1556021900012458509,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
1036timeout /t 3 /nobreak C:\Windows\System32\timeout.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
1036"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5308 --field-trial-handle=1328,i,17880605505833655411,1556021900012458509,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
1044"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3024 --field-trial-handle=1164,i,10125313409759304059,13968238816733774773,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1056"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1328,i,17880605505833655411,1556021900012458509,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
Total events
33 284
Read events
33 097
Write events
176
Delete events
11

Modification events

(PID) Process:(3972) CS-GO.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3972) CS-GO.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3972) CS-GO.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3972) CS-GO.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(3972) CS-GO.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3972) CS-GO.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3972) CS-GO.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2108) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2108) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2108) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
Executable files
5
Suspicious files
198
Text files
118
Unknown types
161

Dropped files

PID
Process
Filename
Type
2108msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5:
SHA256:
2108msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF105e3f.TMP
MD5:
SHA256:
2108msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2108msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF105e5e.TMP
MD5:
SHA256:
2108msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
2108msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF105ecb.TMP
MD5:
SHA256:
2108msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
3972CS-GO.exeC:\Users\admin\AppData\Local\Temp\nosTEAM.bmpbinary
MD5:7ACF8532AB417906B1758839EFB1B213
SHA256:D29E033C40DC6383AB52823F559934279326596B62F9C44690D27DA843A39D18
3972CS-GO.exeC:\Users\admin\AppData\Local\Temp\Counter-Strike Global Offensive PC game MP+SP ^^nosTEAM^^.torrenttorrent
MD5:ADEFE4C0250A331676EB932ED1931EF1
SHA256:796D37CAFAE06EB1F3CAAAD8BBE91FBCF5A763BC2CF7A0F31723DB0013BB7DEE
3972CS-GO.exeC:\Users\admin\AppData\Local\Temp\update-csgo.battext
MD5:C50F1BF77D83B5F7A6419882BAD3437D
SHA256:03B31A57DEDABE88AF849E5F4BB08BE1FA3AEBDAEF6052F18124D9449DE67D59
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
39
TCP/UDP connections
208
DNS requests
306
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1368
msedge.exe
GET
200
89.40.214.121:80
http://www.nosteam.ro/games/index.html
unknown
unknown
3008
msedge.exe
GET
200
89.40.214.121:80
http://www.nosteam.ro/Themes/default/scripts/jquery-1.11.0.min.js
unknown
unknown
3008
msedge.exe
GET
200
89.40.214.121:80
http://www.nosteam.ro/info/2pipo.js
unknown
unknown
2776
msedge.exe
GET
200
46.228.146.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a921d5756027e62a
unknown
unknown
1368
msedge.exe
GET
200
89.40.214.121:80
http://www.nosteam.ro/info/games/
unknown
unknown
2776
msedge.exe
GET
200
46.228.146.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d4177d00d70b7244
unknown
unknown
1368
msedge.exe
GET
301
89.40.214.121:80
http://www.nosteam.ro/portall/
unknown
unknown
1368
msedge.exe
GET
200
89.40.214.121:80
http://www.nosteam.ro/favicon.ico
unknown
unknown
3008
msedge.exe
GET
200
89.40.214.121:80
http://www.nosteam.ro/index.php?topic=5068.msg111982
unknown
unknown
2776
msedge.exe
GET
200
2.19.105.18:80
http://r3.i.lencr.org/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
1368
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2108
msedge.exe
239.255.255.250:1900
unknown
1368
msedge.exe
89.40.214.121:80
www.nosteam.ro
Chroot Network SRL
RO
unknown
1368
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1368
msedge.exe
188.114.97.3:443
greatdexchange.com
unknown
1368
msedge.exe
2.19.120.29:443
www.bing.com
Akamai International B.V.
DE
unknown
2776
msedge.exe
239.255.255.250:1900
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.nosteam.ro
  • 89.40.214.121
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
www.bing.com
  • 2.19.120.29
  • 2.19.120.21
  • 92.123.104.32
  • 92.123.104.34
  • 184.86.251.27
  • 184.86.251.22
whitelisted
greatdexchange.com
  • 188.114.96.3
  • 188.114.97.3
whitelisted
r3.i.lencr.org
  • 2.19.105.18
whitelisted
www.paypal.com
  • 151.101.65.21
  • 151.101.193.21
  • 151.101.1.21
  • 151.101.129.21
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 2.16.100.178
  • 88.221.110.121
whitelisted
ctldl.windowsupdate.com
  • 46.228.146.0
whitelisted
publisher.linkvertise.com
  • 172.67.69.167
  • 104.26.14.247
  • 104.26.15.247
whitelisted

Threats

PID
Process
Class
Message
3008
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
3008
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
3008
msedge.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
3008
msedge.exe
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
3008
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
3008
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
3008
msedge.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
1940
chrome.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
1940
chrome.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CS-GO.exe