File name:

Venom RAT + HVNC + Stealer + Grabber.exe

Full analysis: https://app.any.run/tasks/539e7901-9bfa-4efa-8bb1-9e514b885c91
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on Github as a legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Malware Trends Tracker     >>>
Analysis date: July 25, 2024, 14:11:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
asyncrat
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

3B3A304C6FC7A3A1D9390D7CBFF56634

SHA1:

E8BD5244E6362968F5017680DA33F1E90AE63DD7

SHA256:

7331368C01B2A16BDA0F013F376A039E6AEB4CB2DD8B0C2AFC7CA208FB544C58

SSDEEP:

196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS1G:qT+P+Zw6NLIsFfskh1BmXG04N

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6656)

    • ASYNCRAT has been detected (YARA)

      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6656)

  • SUSPICIOUS

    • Executes application which crashes

      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6656)
      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6472)
      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 4188)

  • INFO

    • Manual execution by a user

      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6472)
      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 4188)

    • Checks supported languages

      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6656)
      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6472)
      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 4188)

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 6428)
      • WerFault.exe (PID: 3556)
      • WerFault.exe (PID: 4036)

    • Checks proxy server information

      • WerFault.exe (PID: 6428)
      • WerFault.exe (PID: 3556)
      • WerFault.exe (PID: 4036)

    • Reads the computer name

      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6472)
      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 6656)
      • Venom RAT + HVNC + Stealer + Grabber.exe (PID: 4188)

    • Reads the software policy settings

      • WerFault.exe (PID: 6428)
      • WerFault.exe (PID: 3556)
      • WerFault.exe (PID: 4036)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (42.9)
.exe | Win32 EXE PECompact compressed (generic) (24.3)
.exe | Win64 Executable (generic) (16.1)
.scr | Windows screen saver (7.6)
.dll | Win32 Dynamic Link Library (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2068:12:31 07:38:15+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 14857728
InitializedDataSize: 10240
UninitializedDataSize: -
EntryPoint: 0xe2d4ae
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 6.0.1.0
ProductVersionNumber: 6.0.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: VenomRAT
FileVersion: 6.0.1
InternalName: Venom RAT + HVNC + Stealer + Grabber.exe
LegalCopyright: Copyright © 2023
LegalTrademarks: -
OriginalFileName: Venom RAT + HVNC + Stealer + Grabber.exe
ProductName: -
ProductVersion: 6.0.1
AssemblyVersion: 6.0.1.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
142
Monitored processes
7
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #ASYNCRAT venom rat + hvnc + stealer + grabber.exe werfault.exe slui.exe no specs venom rat + hvnc + stealer + grabber.exe werfault.exe venom rat + hvnc + stealer + grabber.exe werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
3556C:\WINDOWS\system32\WerFault.exe -u -p 6472 -s 776C:\Windows\System32\WerFault.exe
Venom RAT + HVNC + Stealer + Grabber.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
4036C:\WINDOWS\system32\WerFault.exe -u -p 4188 -s 764C:\Windows\System32\WerFault.exe
Venom RAT + HVNC + Stealer + Grabber.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\umpdc.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\policymanager.dll
4188"C:\Users\admin\Desktop\Venom RAT + HVNC + Stealer + Grabber.exe" C:\Users\admin\Desktop\Venom RAT + HVNC + Stealer + Grabber.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
VenomRAT
Exit code:
3762504530
Version:
6.0.1
Modules
Images
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework64\v4.0.30319\clr.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
6428C:\WINDOWS\system32\WerFault.exe -u -p 6656 -s 792C:\Windows\System32\WerFault.exe
Venom RAT + HVNC + Stealer + Grabber.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
6472"C:\Users\admin\Desktop\Venom RAT + HVNC + Stealer + Grabber.exe" C:\Users\admin\Desktop\Venom RAT + HVNC + Stealer + Grabber.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
VenomRAT
Exit code:
3762504530
Version:
6.0.1
Modules
Images
c:\users\admin\desktop\venom rat + hvnc + stealer + grabber.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
6656"C:\Users\admin\Desktop\Venom RAT + HVNC + Stealer + Grabber.exe" C:\Users\admin\Desktop\Venom RAT + HVNC + Stealer + Grabber.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
VenomRAT
Exit code:
3762504530
Version:
6.0.1
Modules
Images
c:\users\admin\desktop\venom rat + hvnc + stealer + grabber.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
6836C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
10 852
Read events
10 848
Write events
4
Delete events
0

Modification events

(PID) Process:(3556) WerFault.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
Operation:writeName:00180010F429971D
Value:
0100000001000000D08C9DDF0115D1118C7A00C04FC297EB0100000042CB6C300049C042863C8A748EF9A2B200000000020000000000106600000001000020000000969865AA2018FC7252D841540CD73CE8AB92CB8C9965396FED97B8CFC30C9C06000000000E800000000200002000000017BCA02E94A8C41A322FC8D090F58E979BD61952065DF707132966EAF0224F3C80000000FF02A3C35C7FB782E4C09618F006DB0768C99713034AE8A8AF58C89C641208825537EB5AD726C9EFF2BBEE0286C33AD2B43733A32AFF3B72C2DFFC94AC11BED024AF2693048DE374949A4B8F37DA9FBE8D773C4283B7D12EC7C767A41462D7CA823CBCE7E44DDFF0096526EB1162B96DBE76236785B9096DFF2DD12F7473B7AC400000009C69337FBFF2B240694147197B6E663C1BB8446905F265829C21C31CE10A9EEAB0A725CB592BD40A99E4777E3E4AF88FFDEDC0A125B88B35E5D3EED4B447E403
(PID) Process:(3556) WerFault.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
Operation:writeName:DeviceTicket
Value:
0100000001000000D08C9DDF0115D1118C7A00C04FC297EB0100000042CB6C300049C042863C8A748EF9A2B200000000020000000000106600000001000020000000F5B44EBFBAD3972F57006BAA796385E7498BD463E28506913492D945FE615CD2000000000E8000000002000020000000EFF4EA7C47242F6D9E56EF28DC5E24C3CC1F4D3811BD75FDF7ED1D81E410CF4F2008000030A0FADC892D1E61C94059CE1ECB1B597A8C6F595E3359F166237E70A4901C7985F552DBA4649553FCEAB50540475EBBD4AF6E350ABFFA6D9591BDE341973C6393839BE6A5D470152929E59661DDD2DD1248A18A7E172545037A7EC0BEA1490D43253DBB15AACAD72E408B33DB9C0CACED7B35ABE8B6B4A44B155ADAA8F832B286EDCC20DF4C28BC30E8D34753F4388350B57B935D8437E1BBA300460DA08B5BB107365EEF47997E393B4DEA03A8F948A12FAD4AE2EFD14D2FFFF2C0A7F48C44A892B0323DE8095D27AC14A45526E3471566274665D2CEF9C1F23E6478F7331BD300185B8021CE7340568F9BCC7CBA3FB3272C3AADB60D31FDFA4BF728F08D037E4594B870D337ACB06B3D7A2E64AB2DFD93EE75DD7A99FA2D9006E92DD0993EDEE5B734BEAB3F3C97CA7C093805A68CB541BD5632397FF65C4C24C93D551A5718496204E1A3D6EB286B00B64E2E2A577D9ECD784B4F69EE55312DF09B9678C5417439FDA9DCC6AD14F04FBEEF325D36B63404D0F38EF26F6296E4B99E1463564BB40323C4E73FA96F7213563BF9CA1E2C02993291AF7847BF5C3450F0CE37E834CBEA2535309366A2D653272504D58BC480C781600AB0AD85C9823495A1896A6F6B846A546F1748C5C1AFA0341C9C11BCEB11CFC9BB030371062B8BB9A4C3FF67F8A533B83300D85BDCCB47C25306808D75A746EAC4CD0AB357E54E11EE72EF0DE7F8CFFE0388FEF2DB05B8EFEE1582FE60BB573498A7C421BF7374D4968F8DE51A8492CD0232DD87BF51DD1826A31FEEB8356F97070253D9B7849A64CF20633BAFDBCF462F64EB102DE5DDF90CD1C47A49EB94A317949F639D1EB3E3B38A6B776E22284BCA11140F3BFB047B6D6C33F8C5F3E10A78ADAA0E3CB0553F3E5B64F757AA8CE0397E28199A89586C34087DFDE6AD17A37962CEC20982CD384AAEE750C00DDB8A36088054DE23918F0819F8398EA6EBE917CF4D689D7CAB296FF350F5249A170C1F364BB57C9A7743C7D4079F85020788DC1BCA7F5B45D3BEA4B0002A6F86499A531968326264437F4542EADAA1CA23729584F797B1B41D64916C05CB8F1712B92B6C9160B3B58B38D1BDAABC04B242702CECB6B07EC7D73639D1C27CA5633A2C49C7CCA7EE84E99F14725B388E4B7A8B1DDA094DE10B13558EE498F333067E61AFF14A8FBFB338EACF04ED1B3A97FE2B0A919AA0AD0823B06ABA283BF4CFC977E4CE8A46FB155E13CC7C2FF39128935D2B044ADB130F8BB01B2E3F1B83FA85CC34369E187300B012DEB7A87370BEBC5B6CC52064E3D5FB9FEDC394F71DAB39B215F1D68644E03F03BB38719B8A2072E75ABACCF60A24A37CB34748052AFA32E0D5D7BB0B4E427CCC723FE86E45E23C8A5A8BF931BB48692896A14C85B36E5E6ADCF58E441789295341F84CBBA48F7EE431B8B6DD23DB21A09D243651FF0A448B18EC7951F60015D67089C558F86404EACAC04FBDAB22052E84E343C51C58610ECD23F3E1540A5A93E69DABDDA6B501AD04F0E00B2657A5C05BA3701E216764A4C127F37C8683116EEFB01FC32AED5175F86D6961AADA08D64CB2659F079D47497F6B76474EE06C764D51792F43FAFDF268E965D511FE8383474FAAAAC94FAF4B6E18B270C2B5F38B8112621007CD9D930A8B1128F02F79444813E7079F27C7B92C52FC02DE7E9103077E3575FE5BDDB057B70C5575033269AB74C8656B26B94D36061D5DE8FF6B20D579E29BEACCA5C5DA80A9BB58A2A6F59CA79B2952D65FE41A781C2AD5F2FC0430C3234F50B6F3D198BE00048C71D7BA2EA324B58C13246A802C8E45EE5E8C0CBD19721ECE11F48F7F96005E5DD4DE31CE08357064576ADA893744D3C733E8FAF5B6C4CD23B6B5B64606762EAD505966492E7C8F5022E6D4D8AE3D75B62C9EB8852905ED86E4CE4E71BB641F49CAF01C6C7A04CE9CDCBCB11A3C00401CEFB4A7BF7C23CA00B68088785D000945597005E0BAD1FC27CB3201C62F9E72967691286A1EA86D38F46DEEBC2806BAB9D25C49491C7278318006F65D671B530F6CAE6CDD88229D2B8CDB3F6C413A40A85772655CF547D704FEB40FEC864FA5ABD157137082EFC0C527C3F127D80631AC38FCE600DACCB46180F0535AC9C9A4914526EBDC55789BB5B432AFE07F97DF5708477E65127F92224B58100D9020602509A16E943BC1955B41D53B9736B4BFABE42F08F085894EB5876D775A2692E336BCE6869FE09C394EF394895BF993901FD75551F7373E380309C90FB7656C48AD7FF2620E7F44BD0D653C93D6873915972E690C4D7F37318C797E8C050A86FA4FF3AAA7466523EA458451DA2630FA56659581B9B70010CCE4260F3EA1274CDB264E4235C4C1567C482F4D0B95E48F9A4555862FC39081CF4A5957243056281C596410E3CC4F895C04DC2FFE47243248016CC5F85E36ADA8A3E2FC055DC1A9C2B03CFBCFE3168916D504065140B630AF9641C873B7461A4C89BBDA584075EFB8A4AFEB8E68F4969EC571240859A4AE044BE48287C2FE1EBB28FB35621FBD0D0D58A750A95004FFF7EEF6C45C4480E49651CAF6BE71A69130352DB00BEE5BFC67D7226C04714967DAFF237D3A4EF16AA7B061C22B04BB943318A96AA1CDFA61B14B12E1E471041A26EF0C6A6EEA0904A4A5E7A75BA3328FBDBBA52FED854AAD7E0BE3204DC0D79714CE96BCB87BF7755731DA41577AC115839D14386BF63D3243AE944B1F6DFD7F7F55DA22FC230E4684C62129AB7DA1955BFA3857AF8A0BA894194BFD21267B05A9FD90B28EF3E6D27A95D91196E82F938C900C8EF88F1FFC8CDD5A10778A9228C8D405F670D62AF2A01947756EB66E1657DE3B4EB8C4B21798F209BF7818F0E638F64BA6A119AE4A9287E1879A8CD61486B223DD2DB8D8C25021D5583DAB76D7CC7478D49FE23996059E593C636064A040000000232DDE34669BB7D54E216A312B63A7DC69CBA5FACFAE065EFBB095DBFC972D8741D4618EFD9EF90BACACC3E9B99078BFC22244EEEA2C198386AB0CA09DFC2814
(PID) Process:(3556) WerFault.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
Operation:writeName:DeviceId
Value:
00180010F429971D
(PID) Process:(3556) WerFault.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
Operation:writeName:ApplicationFlags
Value:
1
Executable files
0
Suspicious files
5
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
6428WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Venom RAT + HVNC_ea87d7c01f8e574b49834696c258264836d983e_d3562942_1998033f-07a9-4329-a8b8-6d7e7e3db580\Report.wer
MD5:
SHA256:
6428WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\Venom RAT + HVNC + Stealer + Grabber.exe.6656.dmp
MD5:
SHA256:
3556WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Venom RAT + HVNC_ea87d7c01f8e574b49834696c258264836d983e_d3562942_7600b0ec-6fb7-4fd7-ac95-3e415e67a063\Report.wer
MD5:
SHA256:
3556WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\Venom RAT + HVNC + Stealer + Grabber.exe.6472.dmp
MD5:
SHA256:
4036WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Venom RAT + HVNC_ea87d7c01f8e574b49834696c258264836d983e_d3562942_732431b9-8c29-4df4-a0b2-79787b80c5e7\Report.wer
MD5:
SHA256:
4036WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\Venom RAT + HVNC + Stealer + Grabber.exe.4188.dmp
MD5:
SHA256:
3556WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER5EB7.tmp.WERInternalMetadata.xmlxml
MD5:279E9AAAE3B24DBC5B53A8F1CCBB3B80
SHA256:7B53BCF9132D2C53823DAF2792C1B56F7A22685C99D47B3E8F4F52AC97249275
3556WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER5E58.tmp.dmpdmp
MD5:46D0546A61D32FFA00B25683E693E2A7
SHA256:1A740C26886916EA124715CFCA5E071057FE3F49DB9B0D360762E8CA484F59CA
6428WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER1BA2.tmp.dmpbinary
MD5:9E1DE52BD7C00C6A2A47663B4E99C6B2
SHA256:1D2BB2E462767F54004B3AABAF1FA8415DEF1309BDC83B2CEE0DBC2F869F8DC0
4036WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER9548.tmp.xmlxml
MD5:CB20D388F4E5B1BD252C366E58C1FF98
SHA256:36D6660C2234BD01710A99509E7F13354D6DD10C517402EFDA961A6B22B06E87
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
48
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5272
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7032
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
1596
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4512
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6012
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3380
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2.23.209.162:443
Akamai International B.V.
GB
unknown
4204
svchost.exe
4.209.33.156:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3952
svchost.exe
239.255.255.250:1900
whitelisted
6428
WerFault.exe
52.182.143.212:443
watson.events.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
4
System
192.168.100.255:137
whitelisted
4512
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.78
whitelisted
watson.events.data.microsoft.com
  • 52.182.143.212
  • 52.168.117.173
  • 20.42.73.29
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
www.bing.com
  • 104.126.37.186
  • 104.126.37.139
  • 104.126.37.155
  • 104.126.37.160
  • 104.126.37.136
  • 104.126.37.128
  • 104.126.37.130
  • 104.126.37.131
  • 104.126.37.153
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.160.17
  • 40.126.32.138
  • 40.126.32.140
  • 40.126.32.74
  • 40.126.32.76
  • 40.126.32.72
  • 20.190.160.22
  • 20.190.160.14
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Venom RAT + HVNC + Stealer + Grabber.exe