URL:

youareanidiot.org

Full analysis: https://app.any.run/tasks/0e477548-ebda-4d74-b99a-215e56e64ac7
Verdict: Malicious activity
Analysis date: January 01, 2024, 15:12:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 22365C9A92DE38E63B1376825FAF35EA
SHA1: 07DE2DBBF3E86E796BA93C13594CC1510F5DD837
SHA256: 9F45F48A730D5835DE62C53180FD4167C44414DB0982765AEE0B6ABEA83DA50D
SSDEEP: 3:7QEtpQKS:du

Note the SSDEEP block size of 3, the smallest the algorithm uses: the hashed object is only a handful of bytes long, consistent with a hash of the submitted object of this URL task rather than of YouAreAnIdiot.exe or any other executable in the process tree below. Do not pivot on these values as file IOCs.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators. (The "Malicious activity" verdict and the count of three malicious processes further down are therefore not backed by any signature in this summary; check the process tree and its scoring in the full report before treating the sample as malicious.)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • msdt.exe (PID: 2192)
      • YouAreAnIdiot.exe (PID: 3380)
    • Reads the Internet Settings

      • sdiagnhost.exe (PID: 2444)
      • ehshell.exe (PID: 3000)
      • wmplayer.exe (PID: 1344)
    • Detected use of alternative data streams (AltDS)

      • ehvid.exe (PID: 3772)
  • INFO

    • Reads security settings of Internet Explorer

      • sdiagnhost.exe (PID: 2444)
      • msdt.exe (PID: 2192)
    • Manual execution by a user

      • msedge.exe (PID: 1572)
      • WinRAR.exe (PID: 1816)
      • taskmgr.exe (PID: 3228)
      • WinRAR.exe (PID: 2328)
      • ehshell.exe (PID: 3000)
      • taskmgr.exe (PID: 1992)
      • ehtray.exe (PID: 1168)
    • Drops the executable file immediately after the start

      • msdt.exe (PID: 2192)
      • msedge.exe (PID: 1572)
      • WinRAR.exe (PID: 1816)
      • WinRAR.exe (PID: 2328)
    • Process drops legitimate windows executable

      • msdt.exe (PID: 2192)
    • Application launched itself

      • iexplore.exe (PID: 2044)
      • msedge.exe (PID: 1572)
    • Create files in a temporary directory

      • msdt.exe (PID: 2192)
    • The process uses the downloaded file

      • msedge.exe (PID: 2724)
      • WinRAR.exe (PID: 1816)
      • WinRAR.exe (PID: 2328)
    • Reads the machine GUID from the registry

      • YouAreAnIdiot.exe (PID: 3380)
      • YouAreAnIdiot.exe (PID: 1852)
      • ehshell.exe (PID: 3000)
      • wmplayer.exe (PID: 1344)
      • ehsched.exe (PID: 3528)
      • ehtray.exe (PID: 1168)
      • ehrec.exe (PID: 2508)
      • ehvid.exe (PID: 3772)
    • Checks supported languages

      • YouAreAnIdiot.exe (PID: 3380)
      • ehshell.exe (PID: 3000)
      • YouAreAnIdiot.exe (PID: 1852)
      • wmplayer.exe (PID: 1344)
      • ehtray.exe (PID: 1168)
      • ehrec.exe (PID: 2508)
      • ehsched.exe (PID: 3528)
      • ehvid.exe (PID: 3772)
    • Reads the computer name

      • YouAreAnIdiot.exe (PID: 3380)
      • YouAreAnIdiot.exe (PID: 1852)
      • ehshell.exe (PID: 3000)
      • wmplayer.exe (PID: 1344)
      • ehsched.exe (PID: 3528)
      • ehtray.exe (PID: 1168)
      • ehrec.exe (PID: 2508)
      • ehvid.exe (PID: 3772)
    • Reads CPU info

      • YouAreAnIdiot.exe (PID: 3380)
      • YouAreAnIdiot.exe (PID: 1852)
      • ehshell.exe (PID: 3000)
    • Creates files or folders in the user directory

      • msdt.exe (PID: 2192)
      • YouAreAnIdiot.exe (PID: 3380)
      • ehshell.exe (PID: 3000)
      • YouAreAnIdiot.exe (PID: 1852)
      • wmplayer.exe (PID: 1344)
    • Creates files in the program directory

      • ehshell.exe (PID: 3000)
      • ehsched.exe (PID: 3528)
      • ehvid.exe (PID: 3772)
    • Process checks computer location settings

      • ehshell.exe (PID: 3000)
      • wmplayer.exe (PID: 1344)
    • Executes as Windows Service

      • ehsched.exe (PID: 3528)
    • Reads Environment values

      • wmplayer.exe (PID: 1344)
      • ehshell.exe (PID: 3000)
    • Checks proxy server information

      • wmplayer.exe (PID: 1344)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 110
Monitored processes: 66
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Process launch order as shown in the graph ("no specs" marks a process with no signature hits of its own):
start → iexplore.exe (PID 2044) → iexplore.exe (PID 1056)
msdt.exe (no specs), sdiagnhost.exe (no specs)
msedge.exe, followed by several dozen msedge.exe child processes (renderer, utility and crashpad-handler processes), only two of which (PIDs 1572 and 2724 in the indicator list above) carry signature hits
winrar.exe (no specs), youareanidiot.exe, taskmgr.exe (no specs)
winrar.exe (no specs), youareanidiot.exe (no specs)
ehshell.exe, taskmgr.exe (no specs), wmplayer.exe, ehsched.exe (no specs), ehtray.exe (no specs), ehrec.exe (no specs), ehvid.exe (no specs)

Process information

PID: 492
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6040 --field-trial-handle=1052,i,17368128954364135612,6861112347321587198,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 552
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5136 --field-trial-handle=1052,i,17368128954364135612,6861112347321587198,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 764
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5900 --field-trial-handle=1052,i,17368128954364135612,6861112347321587198,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1056
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2044 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe (PID 2044, the frame process named in SCODEF; 1056 is the Protected Mode tab process, hence LOW integrity, and it is the process behind every HTTP request and connection listed below)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 1092
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=1052,i,17368128954364135612,6861112347321587198,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1168
CMD: "C:\Windows\eHome\EhTray.exe" /nav:-2
Path: C:\Windows\ehome\ehtray.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Center
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\ehome\ehtray.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1268
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e51f598,0x6e51f5a8,0x6e51f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1288
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1052,i,17368128954364135612,6861112347321587198,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1288 (PID reused: the data_decoder utility process with the same PID listed just above had already exited with code 0, so the two entries are distinct processes)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5964 --field-trial-handle=1052,i,17368128954364135612,6861112347321587198,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Program Files\Windows Media Player\wmplayer.exe" /SkipFUE /RemoteOCXLaunch /SuppressDialogs
Path: C:\Program Files\Windows Media Player\wmplayer.exe
Parent process: ehshell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 0
Version: 12.0.7601.23517 (win7sp1_ldr.160812-0732)
Modules
Images
c:\program files\windows media player\wmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 37 405
Read events: 36 970
Write events: 431
Delete events: 4

Modification events

(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration = 0
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime = 30847387
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime = 30847437
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix = Cookie:
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix = Visited:
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags = 0
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass = 1
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName = 1
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 1
(2044) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect = 0

All ten writes shown come from the Internet Explorer frame process and are its own first-launch housekeeping: tabbed-browsing counters, cache prefixes, and the ZoneMap defaults (ProxyBypass, IntranetName and UNCAsIntranet set to 1, AutoDetect to 0) that IE writes when it initialises intranet-zone detection for a fresh profile. None of them originates from the visited page or from YouAreAnIdiot.exe.
Executable files: 54
Suspicious files: 1 726
Text files: 262
Unknown types: 1

Dropped files

Columns: PID, process, filename, type, hashes.

1056 iexplore.exe  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\J65AP0JS.txt  (text)
  MD5: 6AC70CE91381AF67F6E9095808551A81
  SHA256: 60A3C5EC6174804829A9A40F1571AC0584604E3067C1F4DE2405CF97105E90B8
1056 iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\arrows[1].png  (image)
  MD5: 0CB2E5165DC9324EB462199F04E1FFA9
  SHA256: 67DFF0AAD873050F12609885F2264417CCDD0D438311000A704C89F0865F7865
1056 iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\enhance[1].js  (text)
  MD5: E34FB0216BF5754490590AD459CAD251
  SHA256: 0CCBCA91685F491D76F885B5AFB539B577DFD6248185A2AFFBD9E469CD9E12FF
1056 iexplore.exe  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\O4OR6MHO.txt  (text)
  MD5: 6AC70CE91381AF67F6E9095808551A81
  SHA256: 60A3C5EC6174804829A9A40F1571AC0584604E3067C1F4DE2405CF97105E90B8
1056 iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\CO2ZQRAV.htm  (html)
  MD5: 5FFBC733948DDD5EDB80A7AC892B00FB
  SHA256: 96B341B2548FFD3BB28C108E339C433DBFD0453D3993B4469669CB8D6945F376
1056 iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\caf[1].js  (text)
  MD5: 7C3436A58816542D224F1FBAC2613C76
  SHA256: 897AFC7294FEAC4B7766C68620463889F318DFD538197A8F35D0F475EA05ADFF
1056 iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA  (binary)
  MD5: 034EC3B760B9B922D37EC2D86820EBFA
  SHA256: 015E7444EB0FDF2CAE85AEF5C1D3D1AEE98ED7E692C848EA45BFEC3A35CCD821
1056 iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157  (compressed)
  MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
  SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
1056 iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157  (binary)
  MD5: 448774D88ABBEADA452D31C76F6460E4
  SHA256: BC591A8ABE546E0F38FDA74EB35C68A15FC3CBA1EBF996A3C9D47ACBFD4432C1
1056 iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_92A59A0F4F7E0452583B0BE3284C67BD  (binary)
  MD5: A3930DB1F02262334959962811502A5D
  SHA256: EB4E9C31284F20078691390B9EDD574AD0A4388902ECD005F007851505D4C94C

Every file in this excerpt was written by the LOW-integrity IE tab process into its Low cache and cookie folders. The two cookie files carry identical hashes (same content under two names), arrows[1].png, enhance[1].js and caf[1].js are the cached copies of the parking-page resources in the HTTP list below, and the CryptnetUrlCache entries are Windows' own certificate-trust-list downloads, not page content.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 34
TCP/UDP connections: 288
DNS requests: 374
Threats: 1

HTTP requests

Columns: PID, process, method, HTTP code, IP, URL, CN, type, size, reputation (fields the report left blank are omitted).

1056 iexplore.exe | GET 302 | 50.28.56.190:80 | http://youareanidiot.org/ | CN: unknown | reputation: unknown
1056 iexplore.exe | GET 200 | 75.2.81.221:80 | http://ww12.youareanidiot.org/?usid=19&utid=18348547967 | CN: unknown | html, 5.45 Kb | reputation: unknown
1056 iexplore.exe | GET 200 | 172.217.18.4:80 | http://www.google.com/adsense/domains/caf.js?abp=1 | CN: unknown | text, 53.0 Kb | reputation: unknown
1056 iexplore.exe | GET 200 | 18.66.121.138:80 | http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png | CN: unknown | image, 11.1 Kb | reputation: unknown
1056 iexplore.exe | GET 200 | 184.24.77.180:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7d59b069cd642540 | CN: unknown | compressed, 4.66 Kb | reputation: unknown
1056 iexplore.exe | GET 200 | 67.225.218.50:80 | http://parking.parklogic.com/page/enhance.js?pcId=12&domain=youareanidiot.org | CN: unknown | text, 1.00 Kb | reputation: unknown
1056 iexplore.exe | GET 200 | 75.2.81.221:80 | http://ww12.youareanidiot.org/track.php?domain=youareanidiot.org&toggle=browserjs&uid=MTcwNDEyMTk3NC4xMDkyOjg4YzkzNjJmNTFlODJkMDg3ZmNjNmQwYjA0MzEyOTk4YTZmYWYxYzk4MDRkZjcwYjdjYmIxOTI2Yzc0NDBkOTU6NjU5MmQ2NzYxYWE5ZA%3D%3D | CN: unknown | binary, 20 b | reputation: unknown
1056 iexplore.exe | GET 201 | 75.2.81.221:80 | http://ww12.youareanidiot.org/ls.php?t=6592d676&token=fd956d0bc658f6e869fa56189267d9f69242dcb1 | CN: unknown | binary, 16 b | reputation: unknown
1056 iexplore.exe | GET 200 | 184.24.77.180:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5f7c2f27d3869b3f | CN: unknown | compressed, 4.66 Kb | reputation: unknown
1056 iexplore.exe | GET 200 | 184.24.77.180:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7f4ae261cec090e7 | CN: unknown | compressed, 4.66 Kb | reputation: unknown

Reading the chain: youareanidiot.org (LiquidWeb) answers with a 302 and the next request goes to ww12.youareanidiot.org on an Amazon address, which returns a 5.45 Kb parking page. That page pulls Google's AdSense for Domains script (caf.js), the ParkLogic parking script (enhance.js, with the parked domain passed as a parameter) and a CloudFront-hosted theme image, then fires two beacons back to ww12.youareanidiot.org: track.php with a base64-encoded uid, and ls.php with a hex timestamp t and a token. ls.php answering 201 Created to a GET is odd but inconsequential. The three disallowedcertstl.cab downloads are Windows' own refresh of the disallowed-certificate trust list, triggered by the browser's certificate checks (they surface as the CryptnetUrlCache entries among the dropped files above), not page content. Nothing here is the historical YouAreAnIdiot payload; the domain is parked and monetised with ads.
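The two beacons carry the visit time in two encodings, which makes them a convenient cross-check that the capture above is internally consistent. The following Python is an added example written for this page, not part of the ANY.RUN report or of any parking-provider code: it copies the two URLs verbatim from the table, decodes the uid parameter, and compares the timestamps. The split of the uid into "unix time : 32-byte hex digest : 13-hex-char id" is what the decoded bytes show; reading the last field as PHP uniqid()-style output (8 hex digits of seconds plus 5 of microseconds) is an inference from its shape, not documented anywhere on the page.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# The two beacons from the HTTP table above, copied verbatim from the report.
TRACK_URL = (
    "http://ww12.youareanidiot.org/track.php?domain=youareanidiot.org&toggle=browserjs"
    "&uid=MTcwNDEyMTk3NC4xMDkyOjg4YzkzNjJmNTFlODJkMDg3ZmNjNmQwYjA0MzEyOTk4YTZmYWYxYzk4MDRkZjcwYjdjYmIxOTI2Yzc0NDBkOTU6NjU5MmQ2NzYxYWE5ZA%3D%3D"
)
LS_URL = "http://ww12.youareanidiot.org/ls.php?t=6592d676&token=fd956d0bc658f6e869fa56189267d9f69242dcb1"


def query_param(url: str, name: str) -> str:
    """Return one query-string parameter, percent-decoded (so %3D%3D becomes ==)."""
    return parse_qs(urlsplit(url).query)[name][0]


def decode_uid(url: str) -> dict:
    """Decode the base64 uid= value of track.php into its three colon-separated fields.

    Observed layout: "<unix time as float>:<64 hex chars>:<13 hex chars>".  Treating the
    last field as PHP uniqid() output (8 hex digits of seconds + 5 of microseconds) is an
    inference from the data, not something the parking provider documents.
    """
    raw = base64.b64decode(query_param(url, "uid")).decode("ascii")
    ts, digest, uniq = raw.split(":")
    return {
        "raw": raw,
        "epoch": int(float(ts)),          # visit time, seconds since the Unix epoch
        "digest": digest,                 # opaque 32-byte value, SHA-256 sized
        "uniq_epoch": int(uniq[:8], 16),  # seconds part of the uniqid-like field
        "uniq_usec": int(uniq[8:], 16),   # microseconds part
    }


def hex_epoch(url: str) -> int:
    """ls.php?t= is the same visit time written as eight hex digits."""
    return int(query_param(url, "t"), 16)


def as_utc(epoch: int) -> str:
    """Render a Unix time as a UTC string for comparison with the report's analysis date."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def correlate(track_url: str = TRACK_URL, ls_url: str = LS_URL) -> dict:
    """Cross-check the timestamps carried by the two beacons against each other."""
    uid = decode_uid(track_url)
    t = hex_epoch(ls_url)
    return {
        "visit_utc": as_utc(uid["epoch"]),
        "same_second": uid["epoch"] == uid["uniq_epoch"] == t,
        "digest_len": len(uid["digest"]),
    }


if __name__ == "__main__":
    for key, value in decode_uid(TRACK_URL).items():
        print(f"{key:>11}: {value}")
    print(correlate())
```

Run as-is, the three timestamps agree on 1704121974, which is 2024-01-01 15:12:54 UTC, twelve seconds after the analysis start time in the report header, so the beacons were sent by the sandbox's own page load rather than replayed from somewhere else. The 64-hex-character middle field is the only part of uid that could identify the visitor across visits; the page gives no way to tell what it is a digest of.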

Connections

Columns: PID, process, IP, domain, ASN, CN, reputation.

4 System | 192.168.100.255:138 | (no domain) | whitelisted
4 System | 192.168.100.255:137 | (no domain) | whitelisted
1056 iexplore.exe | 50.28.56.190:80 | youareanidiot.org | LIQUIDWEB | US | unknown
1056 iexplore.exe | 75.2.81.221:80 | ww12.youareanidiot.org | AMAZON-02 | US | unknown
1056 iexplore.exe | 172.217.18.4:80 | www.google.com | GOOGLE | US | whitelisted
1056 iexplore.exe | 67.225.218.50:80 | parking.parklogic.com | LIQUIDWEB | US | unknown
1056 iexplore.exe | 142.250.186.66:443 | partner.googleadservices.com | GOOGLE | US | whitelisted
1056 iexplore.exe | 172.217.16.206:443 | www.adsensecustomsearchads.com | GOOGLE | US | whitelisted
1056 iexplore.exe | 18.66.121.138:80 | d38psrni17bvxu.cloudfront.net | AMAZON-02 | US | unknown
1056 iexplore.exe | 184.24.77.180:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown

The two System (PID 4) entries are NetBIOS name-service and datagram broadcasts (UDP 137 and 138) to the sandbox subnet's broadcast address, ordinary Windows background traffic. Everything else belongs to the IE tab process and matches the HTTP list above plus two TLS connections to Google ad endpoints whose content is not visible here.

DNS requests

Domain
IP
Reputation
youareanidiot.org
  • 50.28.56.190
unknown
ww12.youareanidiot.org
  • 75.2.81.221
whitelisted
www.google.com
  • 172.217.18.4
  • 142.250.186.36
whitelisted
parking.parklogic.com
  • 67.225.218.50
unknown
partner.googleadservices.com
  • 142.250.186.66
whitelisted
www.adsensecustomsearchads.com
  • 172.217.16.206
whitelisted
d38psrni17bvxu.cloudfront.net
  • 18.66.121.138
  • 18.66.121.135
  • 18.66.121.69
  • 18.66.121.190
unknown
ctldl.windowsupdate.com
  • 184.24.77.180
  • 184.24.77.197
  • 184.24.77.208
  • 184.24.77.202
  • 184.24.77.173
  • 184.24.77.194
whitelisted
ocsp.pki.goog
  • 142.250.185.131
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted

Threats

Columns: PID, process, class, message.

1956 msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)

The single "threat" counted above is an informational rule that fired on an Edge process (PID 1956) fetching from the public jsdelivr CDN; it is classed Not Suspicious Traffic. No IDS signature fired on the iexplore.exe session that actually loaded youareanidiot.org.
Debug output (process, message; identical lines collapsed with a count):

ehshell.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 | 5 times
ehshell.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 | 5 times

-2147024774 is HRESULT 0x8007007A, that is HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER), the routine "buffer too small, call again with a larger one" status from the side-by-side isolation COM code. It is emitted by Windows Media Center (ehshell.exe) on startup and has nothing to do with the analysed page.