File name: 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe

Full analysis: https://app.any.run/tasks/58020d00-68a0-4951-936f-c289ee22818f
Verdict: Malicious activity
Analysis date: December 14, 2024, 11:51:47
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: 239C5F964B458A0A935A4B42D74BCBDA
SHA1: 7A037D3BD8817ADF6E58734B08E807A84083F0CE
SHA256: 7809AB9C004FBD18F185C7B54554440D7B31F201980AEE6E0C62A97C0E4A984C
SSDEEP: 98304:0yajfotkOzKlcDgKGjKF+f14/ndvOva0b:99gd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Reads the date of Windows installation

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Starts application with an unusual extension

      • cmd.exe (PID: 3692)
      • cmd.exe (PID: 1468)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 5448)
      • cmd.exe (PID: 5316)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 4308)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 4872)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1224)
      • cmd.exe (PID: 556)
    • Executing commands from a ".bat" file

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Starts CMD.EXE for commands execution

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 3692)
      • cmd.exe (PID: 1468)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 5448)
      • cmd.exe (PID: 5316)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 4308)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 4872)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1224)
      • cmd.exe (PID: 556)
    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 2192)
  • INFO

    • The process uses the downloaded file

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Reads Environment values

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Create files in a temporary directory

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
    • Checks supported languages

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • chcp.com (PID: 3208)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • chcp.com (PID: 372)
      • chcp.com (PID: 2136)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • chcp.com (PID: 3984)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • chcp.com (PID: 536)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • chcp.com (PID: 4840)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • chcp.com (PID: 5036)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • chcp.com (PID: 4512)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • chcp.com (PID: 4668)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • chcp.com (PID: 244)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • chcp.com (PID: 5244)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • chcp.com (PID: 2512)
      • chcp.com (PID: 3744)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • chcp.com (PID: 2972)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
      • chcp.com (PID: 4308)
    • Reads the computer name

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Reads the machine GUID from the registry

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
    • Process checks computer location settings

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Changes the display of characters in the console

      • cmd.exe (PID: 3692)
      • cmd.exe (PID: 1468)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 5448)
      • cmd.exe (PID: 5316)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 4308)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 4872)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1224)
      • cmd.exe (PID: 556)
No Malware configuration.

TRiD

Extension | Description (match %)
.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:06:28 12:02:39+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 3261952
InitializedDataSize: 3584
UninitializedDataSize: -
EntryPoint: 0x31e56e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.1
ProductVersionNumber: 0.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Windows Security Service
FileDescription: Windows Security Service
FileVersion: 0.0.0.1
InternalName: Windows Security Service
LegalCopyright: Windows Security Service
LegalTrademarks: Windows Security Service
OriginalFileName: Windows Security Service
ProductName: Windows Security Service
ProductVersion: 0.0.0.1
AssemblyVersion: 0.0.0.1
Total processes: 192
Monitored processes: 76
Malicious processes: 22
Suspicious processes: 5

Behavior graph

[Interactive process graph, available in the full report. Recoverable chain: each instance of 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe starts cmd.exe, which runs conhost.exe, chcp.com and ping.exe; svchost.exe also appears in the graph.]

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 244 | CMD: chcp 65001 | Path: C:\Windows\System32\chcp.com | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 372 | CMD: chcp 65001 | Path: C:\Windows\System32\chcp.com | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 536 | CMD: chcp 65001 | Path: C:\Windows\System32\chcp.com | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 556 | CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\hdbIVv1BB7to.bat" " | Path: C:\Windows\System32\cmd.exe | Parent process: 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID: 628 | CMD: ping -n 10 localhost | Path: C:\Windows\System32\PING.EXE | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
PID: 732 | CMD: ping -n 10 localhost | Path: C:\Windows\System32\PING.EXE | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
PID: 1020 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1140 | CMD: "C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe" | Path: C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | Parent process: cmd.exe
User:
admin
Company:
Windows Security Service
Integrity Level:
MEDIUM
Description:
Windows Security Service
Exit code:
0
Version:
0.0.0.1
Modules
Images
c:\users\admin\desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1172 | CMD: "C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe" | Path: C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | Parent process: cmd.exe
User:
admin
Company:
Windows Security Service
Integrity Level:
MEDIUM
Description:
Windows Security Service
Exit code:
0
Version:
0.0.0.1
Modules
Images
c:\users\admin\desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1200 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 16 138
Read events: 16 123
Write events: 15
Delete events: 0

Modification events

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"
Written by 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe from each of PIDs 5560, 5200, 3816, 1296, 3808, 4932, 5564, 5540, 3688 and 3612 (ten identical events).
Executable files: 0
Suspicious files: 0
Text files: 15
Unknown types: 0

Dropped files

Columns: PID | Process | Filename | Type
PID: 3688 | Process: 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | Filename: C:\Users\admin\AppData\Local\Temp\tIsZQmXp6o95.bat | Type: text
MD5:CA7BFE9496CD3088D4DA883CEA0B5E2E
SHA256:8ADD264E32EB2D5CA60338F2BC513D0CC6822F26954FA98D061B2F71200B8443
38087809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\8U273ZIkcvxk.battext
MD5:D17726AF10EC13185BBB5F3729602D12
SHA256:00BED4170402B18F134F1434503ED930E2A8BD7542FA7098A0615194028DFC4F
49327809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\R14c3OwZ26jN.battext
MD5:9FFD2AD1E385646D2C8F54BD12015D9B
SHA256:0A68FFF6A1D8ACCF5BB8AD1B930C053489A464DF2528A996B56CD4802BA1524B
34367809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\aTqdnVBSOnzE.battext
MD5:38859C9EF714F475A4B3D67D8B66C769
SHA256:67F1628449412C07A59760C6D402077B75C2694D85F0692AA6AA876D9DB86FA3
36127809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\J36ithO2DuDO.battext
MD5:3234E9233D586107370F496B96D44DD5
SHA256:076E151BA34D6E7093C8C4CF1DAF2264FD9074A874E9A1AAB6A93158C80E084F
55647809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\scg9CLO5HfSc.battext
MD5:39A56278C0FFBE3F49BDE646132283EF
SHA256:9E3F9604D066D1CF7467C387E827C701A5C4ABD1308ED3268D25447A806F65D8
55607809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\eNLPD8QMxnjf.battext
MD5:A98A9E75D33F1C59EB10D8755A6C1213
SHA256:11486E0CAA1A74B48F4AACB2306B07A71B14475DED0626A57A8DB02F7E3A31B3
38167809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\FraRRo4VWMYT.battext
MD5:8E62C2EF6F817C99EF06067FF22E5047
SHA256:0E72E8B40E2000405BB1ADB133CD5C221662BC6E22C0396016FAB09839FF151C
55407809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\DVTFD9zFnTM8.battext
MD5:FDCA25FE11756B8D79AB086AC3ADFDAD
SHA256:494706062CA26FD8C296727FD32ACF77D5EDDC01245D5C93CD6F15083BFF14C3
11727809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exeC:\Users\admin\AppData\Local\Temp\nL6ATrkFzncC.battext
MD5:53F4E7066BF458EE8CFDF5B8369B933E
SHA256:9A1DDB9685BA9A4206ED76E78524640F29C4292EF87886D4507C2BF9BE2F9EE5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 19
DNS requests: 22
Threats: 30

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4300 | svchost.exe | GET | 200 | 23.32.238.112:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
4300 | svchost.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.32.238.112:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 192.168.100.255:137 | | | | whitelisted
4300 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 2.19.80.89:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
4300 | svchost.exe | 23.32.238.112:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.32.238.112:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4300 | svchost.exe | 23.38.73.129:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.38.73.129:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 20.73.194.208 | whitelisted
www.bing.com | 2.19.80.89, 2.19.80.27, 2.19.80.56 | whitelisted
google.com | 172.217.23.110 | whitelisted
crl.microsoft.com | 23.32.238.112, 23.32.238.107 | whitelisted
www.microsoft.com | 23.38.73.129 | whitelisted
VIPEEK1990-25013.portmap.host | | malicious
self.events.data.microsoft.com | 20.42.65.89 | whitelisted

Threats

PID | Process | Class | Message
2192 | svchost.exe | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
2192 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
2192 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
2192 | svchost.exe | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
2192 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
2192 | svchost.exe | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
2192 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
2192 | svchost.exe | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
2192 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
2192 | svchost.exe | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
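A triage script for the three indicator types this report shows (the Run-key writes pointing to Client.exe under AppData\Roaming, the .bat files dropped in Temp, and the DNS query to the portmap.host domain that the ET rules fired on), added here as an example; it is not ANY.RUN's code and not part of the original report. The heuristics, the record layout, the tunnelling-domain list and the sample records are the author's own assumptions, constructed to look like the rows above.

```python
"""Triage of sandbox-report indicators: autorun persistence, dropped scripts, tunnel DNS.

Added example, not ANY.RUN's code. Heuristics, domain list and sample records are
assumptions made for illustration, not output of the sandbox.
"""
import re
from dataclasses import dataclass

# Autostart keys checked for persistence (MITRE ATT&CK T1547.001); compared case-insensitively.
RUN_KEYS = {
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
}
_RUN_KEYS_LC = {k.lower() for k in RUN_KEYS}
# Anything under a user's AppData is writable without admin rights.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local)\\", re.I)
TEMP_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
# Words a legitimate autostart entry might use and that malware borrows for its value name.
LOOKALIKE_WORDS = ("windows", "microsoft", "security", "defender", "update", "service")
# Port-mapping / reverse-proxy services (assumed list; the ET INFO rule above covers .portmap.host).
TUNNEL_SUFFIXES = (".portmap.host", ".ngrok.io", ".ngrok-free.app")


@dataclass(frozen=True)
class Finding:
    pid: int
    kind: str
    detail: str
    reasons: tuple


def image_path(value: str) -> str:
    """Return the executable path from a Run value, quoted or not, dropping any arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ", 1)[0]


def check_autorun(pid: int, key: str, name: str, value: str):
    """Flag a registry write to a Run/RunOnce key and explain why it looks like malware persistence."""
    if key.lower() not in _RUN_KEYS_LC:
        return None
    path = image_path(value)
    reasons = ["write to autostart key " + key.rsplit("\\", 1)[-1]]
    if USER_WRITABLE.match(path):
        reasons.append("image lives under a user-writable AppData directory")
    if any(w in name.lower() for w in LOOKALIKE_WORDS) and not SYSTEM_DIR.match(path):
        reasons.append(f"value name '{name}' mimics a Windows component but image is outside %SystemRoot%")
    return Finding(pid, "persistence", f"{name} -> {path}", tuple(reasons))


def check_dropped(pid: int, path: str):
    """Flag script files written to the user's Temp directory."""
    if path.lower().endswith(SCRIPT_EXT) and TEMP_DIR.match(path):
        return Finding(pid, "dropped-script", path, ("script written to %TEMP%",))
    return None


def tunnel_service(domain: str) -> bool:
    """True when the queried name belongs to a port-mapping / reverse-proxy service."""
    d = domain.lower().rstrip(".")
    return any(d.endswith(s) for s in TUNNEL_SUFFIXES)


def check_dns(pid: int, domain: str):
    if tunnel_service(domain):
        return Finding(pid, "dns-tunnel-service", domain, ("query to a port-mapping/reverse-proxy service",))
    return None


def triage(records):
    """records: dicts with 'type' of 'registry', 'file' or 'dns' (assumed layout, see SAMPLE)."""
    findings = []
    for r in records:
        if r["type"] == "registry":
            f = check_autorun(r["pid"], r["key"], r["name"], r["value"])
        elif r["type"] == "file":
            f = check_dropped(r["pid"], r["path"])
        elif r["type"] == "dns":
            f = check_dns(r["pid"], r["domain"])
        else:
            f = None
        if f:
            findings.append(f)
    return findings


# Constructed sample records shaped like the rows in this report (plus one benign Run entry).
SAMPLE = [
    {"type": "registry", "pid": 3808, "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "Windows Security Service", "value": r'"C:\Users\admin\AppData\Roaming\SubDir\Client.exe"'},
    {"type": "registry", "pid": 1000, "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "SecurityHealth", "value": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    {"type": "file", "pid": 3688, "path": r"C:\Users\admin\AppData\Local\Temp\tIsZQmXp6o95.bat"},
    {"type": "dns", "pid": 2192, "domain": "VIPEEK1990-25013.portmap.host"},
    {"type": "dns", "pid": 2192, "domain": "crl.microsoft.com"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"PID {f.pid:>5} {f.kind:<20} {f.detail}")
        for r in f.reasons:
            print("      -", r)
```

The benign SecurityHealth entry is kept in the sample on purpose: a Run-key write by itself is ordinary installer behaviour, so the script reports it with a single reason, while the Client.exe entry collects three (autostart key, user-writable path, lookalike name outside %SystemRoot%). Sorting findings by the number of reasons is the cheapest way to put this report's persistence entry at the top of a queue.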
No debug info