URL: https://androiddatahost.com/au8bt

Full analysis: https://app.any.run/tasks/50e4f263-0df6-48ba-bfaf-3f951414e1d1
Verdict: Malicious activity
Analysis date: February 25, 2024, 11:50:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 3E591DB749B4BE5F885131627050864C
SHA1: BB5B4D43B52747829BBA98E952C1B564794E72FD
SHA256: 8050093B2E589E04BB570467E35C57AD452BE6262A45D43429B3E95E2128515F
SSDEEP: 3:N8FMB4qIi:22B4qIi

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 3800)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 296)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 3800)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 296)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Reads the Windows owner or organization settings

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Process drops legitimate windows executable

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Starts CMD.EXE for commands execution

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Reads security settings of Internet Explorer

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Drops a system driver (possible attempt to evade defenses)

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Reads the Internet Settings

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 3520)
    • The process drops C-runtime libraries

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
  • INFO

    • Manual execution by a user

      • explorer.exe (PID: 1740)
      • WinRAR.exe (PID: 3404)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 3800)
    • Checks supported languages

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 3800)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2772)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 296)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Application launched itself

      • iexplore.exe (PID: 4052)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 4052)
    • The process uses the downloaded file

      • iexplore.exe (PID: 4052)
      • WinRAR.exe (PID: 3404)
    • Create files in a temporary directory

      • Amlogic USB Burning Tool v3.2.8.exe (PID: 3800)
      • Amlogic USB Burning Tool v3.2.8.exe (PID: 296)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
    • Reads the computer name

      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 2772)
      • Amlogic USB Burning Tool v3.2.8.tmp (PID: 316)
No Malware configuration.
No data.
Total processes: 54
Monitored processes: 10
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes in the graph, from the start node: iexplore.exe; iexplore.exe; explorer.exe (no specs); winrar.exe (no specs); amlogic usb burning tool v3.2.8.exe; amlogic usb burning tool v3.2.8.tmp (no specs); amlogic usb burning tool v3.2.8.exe; amlogic usb burning tool v3.2.8.tmp; cmd.exe (no specs); taskkill.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 296
CMD: "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe" /SPAWNWND=$30272 /NOTIFYWND=$4027C
Path: C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe
Parent process: Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Amlogic, Inc.
Integrity Level: HIGH
Description: V3_Aml_Burn_Tool Setup
Exit code: 0
Version:
Modules
Images
c:\users\admin\downloads\amlogic_usb_burning_tool_v3.2.8\amlogic usb burning tool v3.2.8.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 316
CMD: "C:\Users\admin\AppData\Local\Temp\is-UVNAI.tmp\Amlogic USB Burning Tool v3.2.8.tmp" /SL5="$402B2,39316483,437760,C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe" /SPAWNWND=$30272 /NOTIFYWND=$4027C
Path: C:\Users\admin\AppData\Local\Temp\is-UVNAI.tmp\Amlogic USB Burning Tool v3.2.8.tmp
Parent process: Amlogic USB Burning Tool v3.2.8.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-uvnai.tmp\amlogic usb burning tool v3.2.8.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1740
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1840
CMD: taskkill /f /t /im Aml_Burn_Tool.exe
Path: C:\Windows\System32\taskkill.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID: 2772
CMD: "C:\Users\admin\AppData\Local\Temp\is-5PRAV.tmp\Amlogic USB Burning Tool v3.2.8.tmp" /SL5="$4027C,39316483,437760,C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-5PRAV.tmp\Amlogic USB Burning Tool v3.2.8.tmp
Parent process: Amlogic USB Burning Tool v3.2.8.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-5prav.tmp\amlogic usb burning tool v3.2.8.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2920
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4052 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3404
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8.zip" C:\Users\admin\Downloads\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3520
CMD: "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im Aml_Burn_Tool.exe
Path: C:\Windows\System32\cmd.exe
Parent process: Amlogic USB Burning Tool v3.2.8.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 128
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3800
CMD: "C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe"
Path: C:\Users\admin\Downloads\Amlogic_USB_Burning_Tool_v3.2.8\Amlogic USB Burning Tool v3.2.8.exe
Parent process: explorer.exe
User: admin
Company: Amlogic, Inc.
Integrity Level: MEDIUM
Description: V3_Aml_Burn_Tool Setup
Exit code: 0
Version:
Modules
Images
c:\users\admin\downloads\amlogic_usb_burning_tool_v3.2.8\amlogic usb burning tool v3.2.8.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 4052
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://androiddatahost.com/au8bt"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 27 865
Read events: 27 686
Write events: 135
Delete events: 44

Modification events

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31090656

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31090656

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 299
Suspicious files: 120
Text files: 76
Unknown types: 29

Dropped files

HTTP(S) requests: 23
TCP/UDP connections: 65
DNS requests: 31
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2920
iexplore.exe
GET
304
184.24.77.194:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d362edf7b65e9a48
unknown
unknown
2920
iexplore.exe
GET
200
172.217.16.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGHsycmQas7CCZXEOfu%2B%2Bqs%3D
unknown
binary
471 b
unknown
4052
iexplore.exe
GET
304
184.24.77.194:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bdc5ae628aaf0bd4
unknown
unknown
2920
iexplore.exe
GET
200
172.217.16.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH1ZfRmkcbmIEJt1GKpWSOU%3D
unknown
binary
471 b
unknown
2920
iexplore.exe
GET
200
172.217.16.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDDidhelLJLaQnsKqlsZYpa
unknown
binary
472 b
unknown
2920
iexplore.exe
GET
200
172.217.16.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEqXFHjUGef%2BEE1ScxNRVig%3D
unknown
binary
471 b
unknown
4052
iexplore.exe
GET
304
184.24.77.194:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4dd617501e33218a
unknown
unknown
2920
iexplore.exe
GET
200
172.217.16.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDWcu1vhm%2F7Dgq%2BMnSH3EBn
unknown
binary
472 b
unknown
4052
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
312 b
unknown
2920
iexplore.exe
GET
200
172.217.16.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCRs%2Fkp3S0EjBKeXx2SMJsz
unknown
binary
472 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2920
iexplore.exe
192.124.249.38:443
androiddatahost.com
SUCURI-SEC
US
unknown
2920
iexplore.exe
184.24.77.194:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2920
iexplore.exe
192.124.249.24:80
ocsp.starfieldtech.com
SUCURI-SEC
US
unknown
2920
iexplore.exe
142.250.181.226:443
pagead2.googlesyndication.com
GOOGLE
US
whitelisted
2920
iexplore.exe
142.250.185.238:443
www.google-analytics.com
GOOGLE
US
whitelisted
2920
iexplore.exe
172.217.16.195:80
ocsp.pki.goog
GOOGLE
US
whitelisted
2920
iexplore.exe
142.250.186.72:443
www.googletagmanager.com
GOOGLE
US
unknown

DNS requests

Domain
IP
Reputation
androiddatahost.com
  • 192.124.249.38
whitelisted
ctldl.windowsupdate.com
  • 184.24.77.194
  • 184.24.77.202
  • 93.184.221.240
whitelisted
ocsp.starfieldtech.com
  • 192.124.249.24
  • 192.124.249.23
  • 192.124.249.22
  • 192.124.249.36
  • 192.124.249.41
whitelisted
pagead2.googlesyndication.com
  • 142.250.181.226
whitelisted
www.google-analytics.com
  • 142.250.185.238
whitelisted
ocsp.pki.goog
  • 172.217.16.195
whitelisted
www.googletagmanager.com
  • 142.250.186.72
whitelisted
googleads.g.doubleclick.net
  • 172.217.18.2
whitelisted
fundingchoicesmessages.google.com
  • 216.58.212.174
whitelisted
lh3.googleusercontent.com
  • 216.58.206.33
whitelisted

Threats

No threats detected
No debug info