File name:

grimresource.msc

Full analysis: https://app.any.run/tasks/09eb67bb-a135-4f09-8748-119be4e3cd59
Verdict: Malicious activity
Analysis date: June 26, 2024, 20:53:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text, with very long lines (30727)
MD5:

9637B9A3A5F4A05963200276C8386449

SHA1:

1822704B3253B3C939663BF340F7B7272344DF1F

SHA256:

7ACF08D938509E3DA4C92016956342A7EF2F08F3A863DF1D12F3AD74CCCB4642

SSDEEP:

768:aJEjnbnsnnEn+nnCnn8cntnHniaDRAnPbQwnxnnnhnnn+onnnOZannnDnnnEBhnz:oDyh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Internet Explorer settings

      • mmc.exe (PID: 2712)
      • mmc.exe (PID: 2392)
      • mmc.exe (PID: 2936)
      • mmc.exe (PID: 3860)
      • mmc.exe (PID: 1876)
    • Reads Microsoft Outlook installation path

      • mmc.exe (PID: 2712)
      • mmc.exe (PID: 2392)
      • mmc.exe (PID: 2936)
      • mmc.exe (PID: 3860)
      • mmc.exe (PID: 1876)
    • Reads the Internet Settings

      • mmc.exe (PID: 2712)
      • mmc.exe (PID: 2392)
      • mmc.exe (PID: 1876)
      • mmc.exe (PID: 2936)
      • mmc.exe (PID: 3860)
  • INFO

    • Manual execution by a user

      • msedge.exe (PID: 2524)
      • mmc.exe (PID: 2712)
      • mmc.exe (PID: 1020)
      • mmc.exe (PID: 2988)
      • mmc.exe (PID: 2392)
      • mmc.exe (PID: 3484)
      • mmc.exe (PID: 2936)
      • mmc.exe (PID: 3196)
      • mmc.exe (PID: 3860)
      • mmc.exe (PID: 3552)
      • mmc.exe (PID: 1876)
    • Application launched itself

      • iexplore.exe (PID: 3520)
      • msedge.exe (PID: 2524)
    • Creates files or folders in the user directory

      • mmc.exe (PID: 2712)
      • mmc.exe (PID: 2392)
      • mmc.exe (PID: 2936)
      • mmc.exe (PID: 3860)
      • mmc.exe (PID: 1876)
    • Reads security settings of Internet Explorer

      • mmc.exe (PID: 2712)
      • mmc.exe (PID: 2392)
      • mmc.exe (PID: 2936)
      • mmc.exe (PID: 3860)
      • mmc.exe (PID: 1876)
    • Checks proxy server information

      • mmc.exe (PID: 2712)
      • mmc.exe (PID: 2392)
      • mmc.exe (PID: 2936)
      • mmc.exe (PID: 3860)
      • mmc.exe (PID: 1876)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.xml | Generic XML (ASCII) (62.5)
.html | HyperText Markup Language (37.5)

EXIF

XMP

MMC_ConsoleFileConsoleVersion: 3
MMC_ConsoleFileProgramMode: UserSDI
MMC_ConsoleFileConsoleFileID: a7bf8102-12e1-4226-aa6a-2ba71f6249d0
MMC_ConsoleFileFrameStateShowStatusBar: -
MMC_ConsoleFileFrameStateWindowPlacementShowCommand: SW_HIDE
MMC_ConsoleFileFrameStateWindowPlacementPointName: MinPosition
MMC_ConsoleFileFrameStateWindowPlacementPointX: -1
MMC_ConsoleFileFrameStateWindowPlacementPointY: -1
MMC_ConsoleFileFrameStateWindowPlacementRectangleName: NormalPosition
MMC_ConsoleFileFrameStateWindowPlacementRectangleTop: -
MMC_ConsoleFileFrameStateWindowPlacementRectangleBottom: -
MMC_ConsoleFileFrameStateWindowPlacementRectangleLeft: -
MMC_ConsoleFileFrameStateWindowPlacementRectangleRight: -
MMC_ConsoleFileViewsViewId: 1
MMC_ConsoleFileViewsViewScopePaneWidth: -
MMC_ConsoleFileViewsViewActionsPaneWidth: -1
MMC_ConsoleFileViewsViewBookMarkName: RootNode
MMC_ConsoleFileViewsViewBookMarkNodeID: 1
MMC_ConsoleFileViewsViewWindowPlacementWpfRestoretomaximized:
MMC_ConsoleFileViewsViewWindowPlacementShowCommand: SW_HIDE
MMC_ConsoleFileViewsViewWindowPlacementPointName: MinPosition
MMC_ConsoleFileViewsViewWindowPlacementPointX: -1
MMC_ConsoleFileViewsViewWindowPlacementPointY: -1
MMC_ConsoleFileViewsViewWindowPlacementRectangleName: NormalPosition
MMC_ConsoleFileViewsViewWindowPlacementRectangleTop: -
MMC_ConsoleFileViewsViewWindowPlacementRectangleBottom: -
MMC_ConsoleFileViewsViewWindowPlacementRectangleLeft: -
MMC_ConsoleFileViewsViewWindowPlacementRectangleRight: -
MMC_ConsoleFileViewsViewViewOptionsViewMode: Report
MMC_ConsoleFileViewsViewViewOptionsScopePaneVisible:
MMC_ConsoleFileViewsViewViewOptionsActionsPaneVisible: -
MMC_ConsoleFileViewsViewViewOptionsDescriptionBarVisible: -
MMC_ConsoleFileViewsViewViewOptionsDefaultColumn0Width: 200
MMC_ConsoleFileViewsViewViewOptionsDefaultColumn1Width: -
MMC_ConsoleFileVisualAttributesIconIndex: 85
MMC_ConsoleFileVisualAttributesIconFile: %windir%\System32\imageres.dll
MMC_ConsoleFileVisualAttributesIconImageName: Large
MMC_ConsoleFileVisualAttributesIconImageBinaryRefIndex: 2
MMC_ConsoleFileFavoritesFavoriteType: Group
MMC_ConsoleFileFavoritesFavoriteStringName: Name
MMC_ConsoleFileFavoritesFavoriteStringId: 1
MMC_ConsoleFileFavoritesFavoriteFavorites: -
MMC_ConsoleFileScopeTreeSnapinCacheSnapinClsid: {C96401CC-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeSnapinCacheSnapinAllExtensionsEnabled:
MMC_ConsoleFileScopeTreeNodesNodeId: 1
MMC_ConsoleFileScopeTreeNodesNodeImageIdx: -
MMC_ConsoleFileScopeTreeNodesNodeClsid: {C96401CC-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeNodesNodePreload:
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeId: 13
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeImageIdx: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeClsid: {C96401D1-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeNodesNodeNodesNodePreload:
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeNodes: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeStringName: Name
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeStringId: 38
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentDatasComponentDataGuidName: Snapin
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentDatasComponentDataGuid: {C96401D1-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentDatasComponentDataStreamBinaryRefIndex: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponents: -
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentsComponentViewID: 1
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentsComponentGuidName: Snapin
MMC_ConsoleFileScopeTreeNodesNodeNodesNodeComponentsComponentGuid: {C96401CF-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeNodesNodeStringName: Name
MMC_ConsoleFileScopeTreeNodesNodeStringId: 8
MMC_ConsoleFileScopeTreeNodesNodeComponentDatasComponentDataGuidName: Snapin
MMC_ConsoleFileScopeTreeNodesNodeComponentDatasComponentDataGuid: {C96401CC-0E17-11D3-885B-00C04F72C717}
MMC_ConsoleFileScopeTreeNodesNodeComponents: -
MMC_ConsoleFileConsoleTaskpads: -
MMC_ConsoleFileViewSettingsCache: -
MMC_ConsoleFileColumnSettingsCache: -
MMC_ConsoleFileStringTablesIdentifierPoolAbsoluteMin: 1
MMC_ConsoleFileStringTablesIdentifierPoolAbsoluteMax: 65535
MMC_ConsoleFileStringTablesIdentifierPoolNextAvailable: 40
MMC_ConsoleFileStringTablesStringTableGuid: {71E5B33E-1064-11D2-808F-0000F875A9CE}
MMC_ConsoleFileStringTablesStringTableStringsStringId: 1
MMC_ConsoleFileStringTablesStringTableStringsStringRefs: 1
MMC_ConsoleFileStringTablesStringTableStringsString: Favorites
MMC_ConsoleFileBinaryStorageBinary: AQAAABQAAAAAAAAAJgAAACcAAAA=
MMC_ConsoleFileBinaryStorageBinaryName: CONSOLE_FILE_ICON_LARGE
No data.
All screenshots are available in the full report
Total processes
79
Monitored processes
22
Malicious processes
0
Suspicious processes
5

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID:
268
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6b21f598,0x6b21f5a8,0x6b21f5b4
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
324
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2124 --field-trial-handle=1292,i,9276938769801782935,1826098940158846524,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
400
CMD:
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3520 CREDAT:78849 /prefetch:2
Path:
C:\Program Files\Internet Explorer\iexplore.exe
Parent process:
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID:
744
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1292,i,9276938769801782935,1826098940158846524,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1020
CMD:
"C:\Windows\system32\mmc.exe" "C:\Users\admin\Desktop\grimresource.msc.msc"
Path:
C:\Windows\System32\mmc.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Management Console
Exit code:
3221226540
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll
PID:
1828
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1292,i,9276938769801782935,1826098940158846524,131072 /prefetch:3
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1876
CMD:
"C:\Windows\system32\mmc.exe"
Path:
C:\Windows\System32\mmc.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Management Console
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42u.dll
PID:
1904
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1292,i,9276938769801782935,1826098940158846524,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2392
CMD:
"C:\Windows\system32\mmc.exe" "C:\Users\admin\Desktop\grimresource.msc.msc"
Path:
C:\Windows\System32\mmc.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Management Console
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42u.dll
PID:
2524
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\admin\Desktop\grimresource.msc.xml
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
28 091
Read events
27 718
Write events
322
Delete events
51

Modification events

(PID) Process: (3384) MSOXMLED.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3384) MSOXMLED.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (3384) MSOXMLED.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (3520) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value:
1

(PID) Process: (3520) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (3520) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value:
31115274

(PID) Process: (3520) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3520) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value:
31115274

(PID) Process: (3520) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3520) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
Executable files
0
Suspicious files
52
Text files
35
Unknown types
3

Dropped files

PID
Process
Filename
Type
3520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

3520 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF02A15367CFA38D93.TMP | binary
MD5: 66BBB19C0617C6AC0C40A75A5A48FCF0
SHA256: E886DAEDC722E51FB767E57887C5AF88A61CC25EF448CE79BE576565B707AB7C

3520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D | binary
MD5: 8EFAA8E965802F9386214FF0E60C0A7B
SHA256: 15D8187C8DB061F555BFA4114260463187524BE54DC423785780F95E18BD0EAF

3520 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{2632F725-33FE-11EF-9AAA-12A9866C77DE}.dat | binary
MD5: EE140E14C4B4BEB48E15D6649E4541D9
SHA256: D536121D2071CF8CD05EC7263D86A90DBB55DC084E9C613CA7FC6A4FDF0D041C

3520 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF180D7D23BB6B07F5.TMP | binary
MD5: BF2B385E6212255AE1733E6E1392EF9C
SHA256: DD9A9C7713B11D06CC4EC14CC8352001BC2191DBB3F7F383097D34705D04DABE

3520 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFEF2CD4F6E8C57547.TMP | gmc
MD5: 8F3D5D72F8BD978082B65A462A131DAE
SHA256: FA3A8A2720EB2EEDF13A7411AB51A132220A63C30CE2179EC5EDC094059C726A

3520 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{2632F724-33FE-11EF-9AAA-12A9866C77DE}.dat | binary
MD5: 5B1F20AA9550A942423D0C34F66614DC
SHA256: BB38E95B1E7C063E01BB4828DF3DD27B50306D3890AE52CE54E14AC29054472D

3520 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico | image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

2524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF509bb.TMP |
MD5:
SHA256:

2524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old |
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
20
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3520
iexplore.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e10ef22cada8e5df
unknown
unknown
3520
iexplore.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ec1db1b006830bee
unknown
unknown
3520
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
unknown
1372
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
1372
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
1060
svchost.exe
GET
304
23.50.131.202:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5e5d86b7c9b09139
unknown
unknown
3520
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
3520
iexplore.exe
104.126.37.128:443
www.bing.com
Akamai International B.V.
DE
unknown
3520
iexplore.exe
23.50.131.200:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
3520
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2524
msedge.exe
239.255.255.250:1900
whitelisted
1828
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1828
msedge.exe
52.123.224.71:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown

DNS requests

Domain
IP
Reputation
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 104.126.37.128
  • 104.126.37.162
  • 104.126.37.123
  • 104.126.37.139
  • 104.126.37.161
  • 104.126.37.145
  • 104.126.37.153
  • 104.126.37.146
  • 104.126.37.186
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.200
  • 23.50.131.221
  • 23.50.131.205
  • 23.50.131.202
  • 23.50.131.216
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
config.edge.skype.com
  • 52.123.224.71
  • 52.123.243.206
  • 52.123.224.67
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info