File name:

Partnership Agreement for YouTube Cooperation.exe

Full analysis: https://app.any.run/tasks/333a543a-2520-4612-8373-58e3329aab33
Verdict: Malicious activity
Analysis date: April 23, 2025, 19:05:14
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

AF2E854BE4057C5FC602E25CF73BF8DA

SHA1:

857A2F89A91A47D7D82B16C568AC7598B9015554

SHA256:

ADDC2DDEADC5ED50F191FDCD5400231DA59517AC8DCB470A616CD408ED81A14A

SSDEEP:

49152:gwMgfPAESYUJ/jiJ8aQSCodp6ryRvL0ZqfEJZbcx3u09qm8q2ORcw82MgELQpWhH:mgwewOzQXo7HL0dJsu09qmPP/MgELQp8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Partnership Agreement for YouTube Cooperation.exe (PID: 6668)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 4692)
      • Partnership Agreement for YouTube Cooperation.exe (PID: 7236)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
      • idp.exe (PID: 7812)
    • Reads the Windows owner or organization settings

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 4692)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Reads security settings of Internet Explorer

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 4692)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Starts CMD.EXE for commands execution

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Drops 7-zip archiver for unpacking

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 7888)
    • Executing commands from ".cmd" file

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Searches for installed software

      • explorer.exe (PID: 7980)
  • INFO

    • Create files in a temporary directory

      • Partnership Agreement for YouTube Cooperation.exe (PID: 6668)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 4692)
      • Partnership Agreement for YouTube Cooperation.exe (PID: 7236)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Checks supported languages

      • Partnership Agreement for YouTube Cooperation.exe (PID: 6668)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 4692)
      • Partnership Agreement for YouTube Cooperation.exe (PID: 7236)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
      • idp.exe (PID: 7812)
    • Reads the computer name

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 4692)
      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
      • idp.exe (PID: 7812)
    • Process checks computer location settings

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 4692)
    • Reads the machine GUID from the registry

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Checks proxy server information

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
      • slui.exe (PID: 7644)
    • Compiled with Borland Delphi (YARA)

      • Partnership Agreement for YouTube Cooperation.exe (PID: 7236)
    • Reads the software policy settings

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
      • slui.exe (PID: 7392)
      • slui.exe (PID: 7644)
    • Creates files or folders in the user directory

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
      • idp.exe (PID: 7812)
    • Detects InnoSetup installer (YARA)

      • Partnership Agreement for YouTube Cooperation.exe (PID: 7236)
    • The sample compiled with english language support

      • Partnership Agreement for YouTube Cooperation.tmp (PID: 7264)
    • Manual execution by a user

      • mmc.exe (PID: 5324)
      • mmc.exe (PID: 2384)
    • Reads security settings of Internet Explorer

      • mmc.exe (PID: 2384)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:06 14:39:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 83456
UninitializedDataSize: -
EntryPoint: 0x117dc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 7.1.3.73
ProductVersionNumber: 7.1.3.73
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: YouTube Cooperation
FileDescription: Partnership Agreement for YT Cooperation
FileVersion: 7.1.3.73
LegalCopyright:
ProductName: YouTube Cooperation
ProductVersion: 7.1.3.73
No data.
All screenshots are available in the full report
Total processes
164
Monitored processes
21
Malicious processes
3
Suspicious processes
2

Behavior graph

  • start
  • partnership agreement for youtube cooperation.exe
  • partnership agreement for youtube cooperation.tmp
  • partnership agreement for youtube cooperation.exe
  • partnership agreement for youtube cooperation.tmp
  • sppextcomobj.exe (no specs)
  • slui.exe
  • idp.exe
  • conhost.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • attrib.exe (no specs)
  • schtasks.exe (no specs)
  • conhost.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • slui.exe
  • COpenControlPanel (no specs)
  • explorer.exe (no specs)
  • mmc.exe (no specs)
  • mmc.exe
  • rundll32.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2384
CMD: "C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\taskschd.msc" /s
Path: C:\Windows\System32\mmc.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Management Console
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4692
CMD: "C:\Users\admin\AppData\Local\Temp\is-DLMAU.tmp\Partnership Agreement for YouTube Cooperation.tmp" /SL5="$6026C,616681,151040,C:\Users\admin\Desktop\Partnership Agreement for YouTube Cooperation.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-DLMAU.tmp\Partnership Agreement for YouTube Cooperation.tmp
Parent process: Partnership Agreement for YouTube Cooperation.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\is-dlmau.tmp\partnership agreement for youtube cooperation.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 5324
CMD: "C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\taskschd.msc" /s
Path: C:\Windows\System32\mmc.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Management Console
Exit code:
3221226540
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll
PID: 6668
CMD: "C:\Users\admin\Desktop\Partnership Agreement for YouTube Cooperation.exe"
Path: C:\Users\admin\Desktop\Partnership Agreement for YouTube Cooperation.exe
Parent process: explorer.exe
User:
admin
Company:
YouTube Cooperation
Integrity Level:
MEDIUM
Description:
Partnership Agreement for YT Cooperation
Exit code:
1
Version:
7.1.3.73
Modules
Images
c:\users\admin\desktop\partnership agreement for youtube cooperation.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 6960
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 7236
CMD: "C:\Users\admin\Desktop\Partnership Agreement for YouTube Cooperation.exe" /verysilent /sp-
Path: C:\Users\admin\Desktop\Partnership Agreement for YouTube Cooperation.exe
Parent process: Partnership Agreement for YouTube Cooperation.tmp
User:
admin
Company:
YouTube Cooperation
Integrity Level:
MEDIUM
Description:
Partnership Agreement for YT Cooperation
Exit code:
0
Version:
7.1.3.73
Modules
Images
c:\users\admin\desktop\partnership agreement for youtube cooperation.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7264
CMD: "C:\Users\admin\AppData\Local\Temp\is-VFJMC.tmp\Partnership Agreement for YouTube Cooperation.tmp" /SL5="$7026C,616681,151040,C:\Users\admin\Desktop\Partnership Agreement for YouTube Cooperation.exe" /verysilent /sp-
Path: C:\Users\admin\AppData\Local\Temp\is-VFJMC.tmp\Partnership Agreement for YouTube Cooperation.tmp
Parent process: Partnership Agreement for YouTube Cooperation.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-vfjmc.tmp\partnership agreement for youtube cooperation.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7360
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 7392
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7644
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
17 380
Read events
17 345
Write events
33
Delete events
2

Modification events

(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value:
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value:
0000000004000000030000000E000000100000000F0000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1
Operation: write
Name: MRUListEx
Value:
05000000000000000600000002000000010000000400000003000000FFFFFFFF
(PID) Process: (7980) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Operation: write
Name: Locked
Value:
1
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel
Operation: write
Name: WFlags
Value:
0
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel
Operation: write
Name: ShowCmd
Value:
1
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel
Operation: write
Name: HotKey
Value:
0
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\77\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}
Operation: write
Name: Rev
Value:
0
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\77\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}
Operation: write
Name: FFlags
Value:
18874433
(PID) Process: (7980) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\77\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}
Operation: write
Name: Vid
Value:
{137E7700-3573-11CF-AE69-08002B2E1262}
Executable files
9
Suspicious files
6
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7264
Process: Partnership Agreement for YouTube Cooperation.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-JQAVK.tmp\logs
Type:
MD5:
SHA256:
PID: 7812
Process: idp.exe
Filename: C:\Users\admin\AppData\Local\Programs\Common\node-v22.12.0-x64.msi
Type:
MD5:
SHA256:
PID: 7264
Process: Partnership Agreement for YouTube Cooperation.tmp
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Type: binary
MD5: E192462F281446B5D1500D474FBACC4B
SHA256: F1BA9F1B63C447682EBF9DE956D0DA2A027B1B779ABEF9522D347D3479139A60
PID: 4692
Process: Partnership Agreement for YouTube Cooperation.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-QNA3R.tmp\idp.dll
Type: executable
MD5: 55C310C0319260D798757557AB3BF636
SHA256: 54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED
PID: 7264
Process: Partnership Agreement for YouTube Cooperation.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-JQAVK.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 7264
Process: Partnership Agreement for YouTube Cooperation.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-JQAVK.tmp\idp.dll
Type: executable
MD5: 55C310C0319260D798757557AB3BF636
SHA256: 54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED
PID: 4692
Process: Partnership Agreement for YouTube Cooperation.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-QNA3R.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 6668
Process: Partnership Agreement for YouTube Cooperation.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-DLMAU.tmp\Partnership Agreement for YouTube Cooperation.tmp
Type: executable
MD5: D2D961D6609D3216574261A44B68162D
SHA256: 7E99597C21F0B65E2F0A800802294C897A454C8DD0826E8DA05169D8ADD21EA8
PID: 7264
Process: Partnership Agreement for YouTube Cooperation.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-JQAVK.tmp\lang
Type: xml
MD5: 2135B15BB480EF462579D3F41B6614FC
SHA256: 36276D88C584561A46F112B7124565E246199CDCC03C73F40D6E5750041F7629
PID: 7812
Process: idp.exe
Filename: C:\Users\admin\AppData\Local\Programs\Common\arialnarrow.ttf
Type: binary
MD5: F0A7FF15E2B7456FB1B2565755E20AE2
SHA256: E17B243CBF2E194890C561DBB63E515DC34E941EE1A7923748B336199B812F52
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
63
DNS requests
46
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.48.23.185:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7264
Partnership Agreement for YouTube Cooperation.tmp
GET
200
69.192.161.44:80
http://x1.c.lencr.org/
unknown
whitelisted
7264
Partnership Agreement for YouTube Cooperation.tmp
GET
200
184.24.77.79:80
http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgVYbazQZAP%2FEajNeAopFEBc7g%3D%3D
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
8188
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2104
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
8188
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
23.48.23.185:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7264
Partnership Agreement for YouTube Cooperation.tmp
104.18.111.161:443
tinyurl.com
CLOUDFLARENET
whitelisted
7264
Partnership Agreement for YouTube Cooperation.tmp
164.132.58.105:443
rentry.org
OVH SAS
FR
suspicious
7264
Partnership Agreement for YouTube Cooperation.tmp
148.251.0.164:443
nascacs.co.za
Hetzner Online GmbH
DE
shared
7264
Partnership Agreement for YouTube Cooperation.tmp
69.192.161.44:80
x1.c.lencr.org
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.185
  • 23.48.23.194
  • 23.48.23.193
  • 23.48.23.195
  • 23.48.23.139
  • 23.48.23.137
  • 23.48.23.134
  • 23.48.23.191
  • 23.48.23.192
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 216.58.206.78
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
tinyurl.com
  • 104.18.111.161
  • 104.17.112.233
whitelisted
rentry.org
  • 164.132.58.105
unknown
nascacs.co.za
  • 148.251.0.164
shared
x1.c.lencr.org
  • 69.192.161.44
whitelisted
e6.o.lencr.org
  • 184.24.77.79
  • 184.24.77.46
  • 184.24.77.73
  • 184.24.77.77
  • 184.24.77.44
  • 184.24.77.48
  • 184.24.77.76
  • 184.24.77.69
  • 184.24.77.78
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] URL Shortener TinyURL (tinyurl .com)
2196
svchost.exe
Misc activity
INFO [ANY.RUN] Possible short link service (tinyurl .com)
No debug info