URL:

cracksurl.com

Full analysis: https://app.any.run/tasks/4eda7f9c-91a5-46f4-a5b5-33496eaca5da
Verdict: Malicious activity
Analysis date: July 28, 2024, 09:06:29
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
qrcode
Indicators:
MD5:

1F2FB12A100F34D66F5F77FCF8C70060

SHA1:

2E4DCCF548305162D8DB0486E41F9CDCDA66D56C

SHA256:

B202BB649AA18863C8998CFEE5FDD1761E39E24A43962068CCDC4810D17DCAC4

SSDEEP:

3:yK2n:Y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • processlassosetup64.exe (PID: 4584)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • processlassosetup64.exe (PID: 4584)
    • Executable content was dropped or overwritten

      • processlassosetup64.exe (PID: 4584)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • processlassosetup64.exe (PID: 4584)
    • Creates a software uninstall entry

      • processlassosetup64.exe (PID: 4584)
    • Executes as Windows Service

      • srvstub.exe (PID: 3804)
    • The process executes via Task Scheduler

      • bitsumsessionagent.exe (PID: 6648)
    • Reads security settings of Internet Explorer

      • ProcessLasso.exe (PID: 3680)
    • The process checks if it is being run in the virtual environment

      • ProcessLasso.exe (PID: 3680)
  • INFO

    • Reads the software policy settings

      • slui.exe (PID: 5272)
      • slui.exe (PID: 5080)
    • Reads Microsoft Office registry keys

      • chrome.exe (PID: 720)
    • Checks proxy server information

      • slui.exe (PID: 5272)
      • slui.exe (PID: 5080)
    • Application launched itself

      • chrome.exe (PID: 720)
    • The process uses the downloaded file

      • chrome.exe (PID: 3704)
      • WinRAR.exe (PID: 7564)
    • Manual execution by a user

      • WinRAR.exe (PID: 7564)
      • WinRAR.exe (PID: 2424)
      • WinRAR.exe (PID: 7920)
      • WinRAR.exe (PID: 6440)
      • Keygen.exe (PID: 7448)
      • processlassosetup64.exe (PID: 4544)
      • processlassosetup64.exe (PID: 4584)
      • Keygen.exe (PID: 5692)
      • Keygen.exe (PID: 8124)
      • Keygen.exe (PID: 1156)
      • Keygen.exe (PID: 3516)
      • Keygen.exe (PID: 7996)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7564)
      • WinRAR.exe (PID: 6440)
      • WinRAR.exe (PID: 7920)
      • WinRAR.exe (PID: 2424)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 7564)
      • WinRAR.exe (PID: 7920)
      • WinRAR.exe (PID: 6440)
      • WinRAR.exe (PID: 2424)
    • Checks supported languages

      • Keygen.exe (PID: 5692)
      • processlassosetup64.exe (PID: 4584)
      • InstallHelper.exe (PID: 4192)
      • InstallHelper.exe (PID: 3396)
      • InstallHelper.exe (PID: 8004)
      • InstallHelper.exe (PID: 1140)
      • InstallHelper.exe (PID: 7324)
      • InstallHelper.exe (PID: 7556)
      • InstallHelper.exe (PID: 7940)
      • srvstub.exe (PID: 3804)
      • ProcessGovernor.exe (PID: 3812)
      • InstallHelper.exe (PID: 524)
      • ProcessLasso.exe (PID: 3680)
      • InstallHelper.exe (PID: 7300)
      • InstallHelper.exe (PID: 1356)
      • bitsumsessionagent.exe (PID: 6648)
      • Keygen.exe (PID: 8124)
      • Keygen.exe (PID: 7996)
    • Reads the computer name

      • Keygen.exe (PID: 5692)
      • processlassosetup64.exe (PID: 4584)
      • InstallHelper.exe (PID: 4192)
      • InstallHelper.exe (PID: 7940)
      • InstallHelper.exe (PID: 8004)
      • InstallHelper.exe (PID: 7324)
      • InstallHelper.exe (PID: 7300)
      • InstallHelper.exe (PID: 7556)
      • InstallHelper.exe (PID: 3396)
      • InstallHelper.exe (PID: 1140)
      • InstallHelper.exe (PID: 1356)
      • ProcessGovernor.exe (PID: 3812)
      • srvstub.exe (PID: 3804)
      • InstallHelper.exe (PID: 524)
      • ProcessLasso.exe (PID: 3680)
      • Keygen.exe (PID: 8124)
      • Keygen.exe (PID: 7996)
    • Create files in a temporary directory

      • processlassosetup64.exe (PID: 4584)
    • Creates files in the program directory

      • processlassosetup64.exe (PID: 4584)
      • InstallHelper.exe (PID: 7324)
      • InstallHelper.exe (PID: 7300)
      • ProcessGovernor.exe (PID: 3812)
      • ProcessLasso.exe (PID: 3680)
    • Reads CPU info

      • InstallHelper.exe (PID: 4192)
      • InstallHelper.exe (PID: 7940)
      • InstallHelper.exe (PID: 8004)
      • InstallHelper.exe (PID: 1140)
      • InstallHelper.exe (PID: 7300)
      • InstallHelper.exe (PID: 7324)
      • InstallHelper.exe (PID: 3396)
      • InstallHelper.exe (PID: 7556)
      • InstallHelper.exe (PID: 1356)
      • InstallHelper.exe (PID: 524)
      • ProcessGovernor.exe (PID: 3812)
      • ProcessLasso.exe (PID: 3680)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
203
Monitored processes
52
Malicious processes
2
Suspicious processes
0

Behavior graph

Process launch sequence recovered from the interactive behavior graph (entries marked "no specs" in the graph have no recorded process details): chrome.exe (with many renderer/utility children), slui.exe, winrar.exe (several instances), keygen.exe, processlassosetup64.exe, installhelper.exe (multiple instances), srvstub.exe, processgovernor.exe, processlasso.exe, bitsumsessionagent.exe, keygen.exe (further instances).

Process information

PID
CMD
Path
Indicators
Parent process
PID: 504
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1904,i,2792723979545393420,17473798547004036651,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 524
CMD: "C:\Program Files\Process Lasso\installhelper.exe" /langcheck
Path: C:\Program Files\Process Lasso\InstallHelper.exe
Parent process: processlassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 720
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints "cracksurl.com"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1140
CMD: "C:\Program Files\Process Lasso\InstallHelper.exe" /install
Path: C:\Program Files\Process Lasso\InstallHelper.exe
Parent process: processlassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1156
CMD: "C:\Users\admin\Downloads\ProcessLasso-RSLOAD.NET-\keygen-BTCR\BTCR\Keygen.exe"
Path: C:\Users\admin\Downloads\ProcessLasso-RSLOAD.NET-\keygen-BTCR\BTCR\Keygen.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\downloads\processlasso-rsload.net-\keygen-btcr\btcr\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 1356
CMD: "C:\Program Files\Process Lasso\installHelper.exe" /startgovernorservice
Path: C:\Program Files\Process Lasso\InstallHelper.exe
Parent process: processlassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1764
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4732 --field-trial-handle=1904,i,2792723979545393420,17473798547004036651,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2100
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=1904,i,2792723979545393420,17473798547004036651,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2424
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Downloads\ProcessLasso-RSLOAD.NET-\BOP114.rar" C:\Users\admin\Downloads\ProcessLasso-RSLOAD.NET-\BOP114\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 2692
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,2792723979545393420,17473798547004036651,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:3
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
21 449
Read events
21 134
Write events
306
Delete events
9

Modification events

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

Process: (720) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

Process: (720) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid
Value:
Executable files
39
Suspicious files
94
Text files
53
Unknown types
7

Dropped files

PID
Process
Filename
Type
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1c0ac5.TMP
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF1c0ae4.TMP
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF1c0ab6.TMP (type: text)
MD5: 8F45965291AB2DA10EEB049FB6E917C6
SHA256: 8A0DE526945B27CDBBD87357C85FDDD37B572370F894CB0A5AC533FD465D2166
PID 720 (chrome.exe): C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat (type: binary)
MD5: FC81892AC822DCBB09441D3B58B47125
SHA256: FB077C966296D02D50CCBF7F761D2A3311A206A784A7496F331C2B0D6AD205C8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
88
DNS requests
93
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4424
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3676
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
2216
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
4388
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adpqvkfvmnkfl4g52htw6e7e2yzq_66/khaoiebndkojlmppeemjhbpbandiljpe_66_win_acs6eqqbgqw4p5n5jb6zwupd5f2a.crx3
unknown
whitelisted
4132
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
4388
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adpqvkfvmnkfl4g52htw6e7e2yzq_66/khaoiebndkojlmppeemjhbpbandiljpe_66_win_acs6eqqbgqw4p5n5jb6zwupd5f2a.crx3
unknown
whitelisted
4388
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adpqvkfvmnkfl4g52htw6e7e2yzq_66/khaoiebndkojlmppeemjhbpbandiljpe_66_win_acs6eqqbgqw4p5n5jb6zwupd5f2a.crx3
unknown
whitelisted
4388
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adpqvkfvmnkfl4g52htw6e7e2yzq_66/khaoiebndkojlmppeemjhbpbandiljpe_66_win_acs6eqqbgqw4p5n5jb6zwupd5f2a.crx3
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2348
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5368
SearchApp.exe
131.253.33.254:443
a-ring-fallback.msedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
5368
SearchApp.exe
104.126.37.144:443
www.bing.com
Akamai International B.V.
DE
unknown
4648
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6012
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4340
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3952
svchost.exe
239.255.255.250:1900
whitelisted
2432
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5272
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 104.126.37.144
  • 104.126.37.139
  • 104.126.37.129
  • 104.126.37.160
  • 104.126.37.128
  • 104.126.37.154
  • 104.126.37.123
  • 104.126.37.130
  • 104.126.37.153
whitelisted
google.com
  • 142.250.186.78
whitelisted
cracksurl.com
  • 212.1.209.172
whitelisted
accounts.google.com
  • 142.250.145.84
whitelisted
secure.gravatar.com
  • 192.0.73.2
whitelisted
stats.wp.com
  • 192.0.76.3
whitelisted
fonts.googleapis.com
  • 142.250.184.234
whitelisted
v0.wordpress.com
  • 192.0.78.13
  • 192.0.78.12
whitelisted

Threats

No threats detected
No debug info