URL:

igetintopc.com

Full analysis: https://app.any.run/tasks/999af2d5-3fd7-4bb3-bc50-544ec48e2e6e
Verdict: Malicious activity
Analysis date: June 05, 2025, 18:19:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
autoit
autoit-loader
Indicators:
MD5:

283BDFF46BFE8F45C785AFAEBA080213

SHA1:

3C3B860BBCCA9F71B3EA4401BE7F3031EA171865

SHA256:

AB604BC3646B59B0C4B579A8365D85EA4C50D8DDCF991AA03B77D237BA38F915

SSDEEP:

3:D0MjLdIn:4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • AutoIt loader has been detected (YARA)

      • Declare.com (PID: 7960)

    • Executing a file with an untrusted certificate

      • FullSetup.exe (PID: 5952)
      • booter.exe (PID: 8120)
      • action_setup.exe (PID: 7508)
      • symchk.exe (PID: 7892)
      • symchk.exe (PID: 4212)

  • SUSPICIOUS

    • Executing commands from a ".bat" file

      • FullSetup.exe (PID: 5952)
      • Action_x64.bin (PID: 7980)

    • Application launched itself

      • WinRAR.exe (PID: 7932)
      • WinRAR.exe (PID: 2408)
      • WinRAR.exe (PID: 5936)

    • Starts CMD.EXE for commands execution

      • FullSetup.exe (PID: 5952)
      • ActionLauncher.exe (PID: 7992)
      • Action_x64.bin (PID: 7980)

    • The executable file from the user directory is run by the CMD process

      • Declare.com (PID: 7960)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 7924)

    • Get information on the list of running processes

      • cmd.exe (PID: 7924)

    • Starts application with an unusual extension

      • cmd.exe (PID: 7924)
      • Action.exe (PID: 5044)

    • There is functionality for taking screenshot (YARA)

      • Declare.com (PID: 7960)
      • action_setup.exe (PID: 7508)
      • _igetintopc.com_action_4_45_0_setup.exe (PID: 5248)
      • Action.exe (PID: 5044)

    • Starts the AutoIt3 executable file

      • cmd.exe (PID: 7924)

    • Executable content was dropped or overwritten

      • action_setup.exe (PID: 7508)
      • dllhost.exe (PID: 3156)
      • Action_Loader.exe (PID: 8164)
      • Action.exe (PID: 5044)
      • cmd.exe (PID: 5976)

    • The process drops C-runtime libraries

      • action_setup.exe (PID: 7508)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • action_setup.exe (PID: 7508)

    • Process drops legitimate windows executable

      • action_setup.exe (PID: 7508)

    • The process executes via Task Scheduler

      • ActionLauncher.exe (PID: 1856)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 5976)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 1348)
      • firefox.exe (PID: 5772)
      • msedge.exe (PID: 8044)
      • msedge.exe (PID: 3684)
      • msedge.exe (PID: 8140)

    • Manual execution by a user

      • WinRAR.exe (PID: 7932)
      • FullSetup.exe (PID: 5952)
      • WinRAR.exe (PID: 5328)
      • WinRAR.exe (PID: 7456)
      • Action_Loader.exe (PID: 7524)
      • msedge.exe (PID: 8140)
      • _igetintopc.com_action_4_45_0_setup.exe (PID: 5248)
      • Action_Loader.exe (PID: 6640)
      • Action_Loader.exe (PID: 4284)
      • Action_Loader.exe (PID: 8164)

    • Connects to unusual port

      • firefox.exe (PID: 5772)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1512)
      • WinRAR.exe (PID: 5328)

    • Launching a file from the Downloads directory

      • firefox.exe (PID: 5772)

    • The sample compiled with english language support

      • action_setup.exe (PID: 7508)
      • WinRAR.exe (PID: 5328)
      • dllhost.exe (PID: 3156)

    • The sample compiled with polish language support

      • action_setup.exe (PID: 7508)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
268
Monitored processes
127
Malicious processes
5
Suspicious processes
4

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs slui.exe winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe fullsetup.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs findstr.exe no specs tasklist.exe no specs findstr.exe no specs extrac32.exe no specs findstr.exe no specs declare.com choice.exe no specs firefox.exe no specs firefox.exe no specs winrar.exe _igetintopc.com_action_4_45_0_setup.exe no specs action_setup.exe preinstall.exe no specs winrar.exe no specs msedge.exe no specs booter.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs actionlauncher.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs actionlauncher.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs action_loader.exe no specs action_loader.exe rundll32.exe no specs Copy/Move/Rename/Delete/Link Object action_loader.exe no specs action_loader.exe action.exe mrls_browser.bin no specs mrls_browser.bin no specs action_x86.bin action_x64.bin cmd.exe conhost.exe no specs regedit.exe no specs tscap.bin no specs tutorial_launcher.exe aghelper_x86.exe no specs aghelper_x64.exe no specs symchk.exe conhost.exe no specs symchk.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs vlc.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
472"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3940 --field-trial-handle=2268,i,1549109048535099115,15345980620804551577,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
808C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
924AGHelper_x86.exeC:\Program Files (x86)\Mirillis\Action!\AGHelper_x86.exeAction.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files (x86)\mirillis\action!\aghelper_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1064"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2528 --field-trial-handle=2360,i,14731306507599864848,10810699852349014947,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1348"C:\Program Files\Mozilla Firefox\firefox.exe" "igetintopc.com"C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\crypt32.dll
1504C:\WINDOWS\system32\schtasks.exe /Run /TN "ActionLauncher_admin"C:\Windows\SysWOW64\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1512"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa2408.49459\𝒮𝑒ƚ𝒰ρ--☼𝖕𝖊𝖓.tarC:\Program Files\WinRAR\WinRAR.exe
WinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1696"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5532 --field-trial-handle=2360,i,14731306507599864848,10810699852349014947,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1700C:\WINDOWS\system32\schtasks.exe /End /TN "ActionLauncher_admin"C:\Windows\SysWOW64\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1760"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2568 --field-trial-handle=2268,i,1549109048535099115,15345980620804551577,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
71 467
Read events
71 228
Write events
232
Delete events
7

Modification events

(PID) Process:(5772) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Downloads\🍁𝓕ųŁŁ--Şē₮ɄꝐ-₣ⱤɆɆ-ĐØ₩₦ⱠØ₳Đ-Ⱡ₳₮Ɇ₴₮🍁.tar
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(7932) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(5936) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
Executable files
210
Suspicious files
467
Text files
271
Unknown types
182

Dropped files

PID
Process
Filename
Type
5772firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
5772firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-child-current.binbinary
MD5:22DA36CA5BA1D055ADE237F52DC825A7
SHA256:7438A5D5298BFA0ABAB51E6B35EAC0F26B830BCEFBDBEB5F07721DBA34F89E0D
5772firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
5772firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:C09FF302D57C404B61E6A89B0B9F36E7
SHA256:6A5B4F82595799346D0E501FE6CC8629E0FD6ED27B74D0E6CB5073DDB2E3C40B
5772firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
5772firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5772firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5772firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5772firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5772firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.db-journalbinary
MD5:82EFAD1C6E7AB4A5C5E4A6E3E5C22FC8
SHA256:BCC347023FC14DE1DBE767FF50DFA4A32C6C20FC96DBCB07145EB4F3A1C8F301
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
94
TCP/UDP connections
260
DNS requests
308
Threats
31

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5772
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.32.238.34:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5772
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5772
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
5772
firefox.exe
GET
301
104.21.21.246:80
http://igetintopc.com/
unknown
whitelisted
5772
firefox.exe
POST
200
2.16.206.143:80
http://r10.o.lencr.org/
unknown
whitelisted
5772
firefox.exe
POST
200
2.16.206.143:80
http://r11.o.lencr.org/
unknown
whitelisted
5772
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/s/wr3/3H4
unknown
whitelisted
5772
firefox.exe
POST
200
2.16.206.143:80
http://r11.o.lencr.org/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6544
svchost.exe
20.190.160.22:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.32.238.34:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
2.16.253.202:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5772
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
5772
firefox.exe
104.21.21.246:80
igetintopc.com
CLOUDFLARENET
whitelisted
5772
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
5772
firefox.exe
34.107.152.202:443
firefox-settings-attachments.cdn.mozilla.net
GOOGLE
US
whitelisted
5772
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.160.22
  • 40.126.32.68
  • 20.190.160.131
  • 20.190.160.64
  • 20.190.160.14
  • 20.190.160.20
  • 40.126.32.74
  • 40.126.32.72
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.174
whitelisted
crl.microsoft.com
  • 23.32.238.34
  • 2.19.198.194
  • 2.16.168.114
  • 2.16.168.124
whitelisted
www.microsoft.com
  • 2.16.253.202
whitelisted
igetintopc.com
  • 104.21.21.246
  • 172.67.201.115
  • 2606:4700:3033::ac43:c973
  • 2606:4700:3035::6815:15f6
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
example.org
  • 96.7.128.186
  • 96.7.128.192
  • 23.215.0.132
  • 23.215.0.133
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
2196
svchost.exe
Misc activity
ET FILE_SHARING Observed DNS Query to Filesharing Service (mega .co .nz)
2196
svchost.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
2196
svchost.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
5772
firefox.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
5772
firefox.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
2196
svchost.exe
Misc activity
ET FILE_SHARING Observed DNS Query to Filesharing Service (mega .co .nz)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
igetintopc.com