File name: Borat.7z

Full analysis: https://app.any.run/tasks/bb932604-6819-4dfd-a3f3-96c583f7e96b
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on GitHub as legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Analysis date: June 11, 2024, 16:50:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: asyncrat
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 43C20E4EE2DD87C70DD0ED082DC74431
SHA1: 71051DEE5D0480B8AA30A599A95D0AD928F7BB9E
SHA256: B2F4CC95E54ACC818410D79072CCD44A4DBB21AFAD82C2A4608B7B52F1502867
SSDEEP: 98304:4mnI+WmnzFhcWMOo/5ucNWw7tq3o280CB6oWprH0Vtcpot+FfRT5apCeiFqQgijQ:BtYHMwzJ4hoHQLs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2620)
      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
    • Actions looks like stealing of personal data

      • WinRAR.exe (PID: 2620)
      • BoratRat.exe (PID: 6376)
    • ASYNCRAT has been detected (YARA)

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
    • Starts NET.EXE to view/add/change user profiles

      • cmd.exe (PID: 7036)
      • net.exe (PID: 1924)
      • net.exe (PID: 1460)
      • net.exe (PID: 7016)
    • Starts NET.EXE to view/change users localgroup

      • net.exe (PID: 4060)
      • cmd.exe (PID: 7036)
      • net.exe (PID: 864)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 2620)
    • The process checks if it is being run in the virtual environment

      • BoratRat.exe (PID: 6376)
    • Reads security settings of Internet Explorer

      • BoratRat.exe (PID: 6376)
      • TextInputHost.exe (PID: 736)
    • Creates file in the systems drive root

      • BoratRat.exe (PID: 6376)
    • Executable content was dropped or overwritten

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
    • Uses WMIC.EXE to obtain local storage devices information

      • cmd.exe (PID: 7036)
    • Uses WMIC.EXE to obtain commands that are run when users log in

      • cmd.exe (PID: 7036)
    • Get information on the list of running processes

      • cmd.exe (PID: 7036)
    • Process uses IPCONFIG to discover network configuration

      • cmd.exe (PID: 7036)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 7036)
    • Uses ROUTE.EXE to obtain the routing table information

      • cmd.exe (PID: 7036)
    • Process uses ARP to discover network configuration

      • cmd.exe (PID: 7036)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 7036)
    • Reads the date of Windows installation

      • BoratRat.exe (PID: 6376)
    • The process executes via Task Scheduler

      • Client.exe (PID: 5912)
    • Starts CMD.EXE for commands execution

      • Client.exe (PID: 6296)
  • INFO

    • Manual execution by a user

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2620)
    • Reads the computer name

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
      • TextInputHost.exe (PID: 736)
      • Client.exe (PID: 5912)
    • Checks supported languages

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
      • TextInputHost.exe (PID: 736)
      • Client.exe (PID: 5912)
    • Creates files or folders in the user directory

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
    • Reads the machine GUID from the registry

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
      • Client.exe (PID: 5912)
    • Reads Environment values

      • BoratRat.exe (PID: 6376)
      • Client.exe (PID: 6296)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 2304)
      • WMIC.exe (PID: 2044)
      • explorer.exe (PID: 8)
      • notepad.exe (PID: 7112)
    • Reads the time zone

      • net1.exe (PID: 1792)
      • net1.exe (PID: 1496)
    • Process checks computer location settings

      • BoratRat.exe (PID: 6376)
    • Reads Microsoft Office registry keys

      • explorer.exe (PID: 8)
    • Reads the software policy settings

      • Client.exe (PID: 6296)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 162
Monitored processes: 36
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in order from start ("no specs" and "#ASYNCRAT" are the graph's own labels):
winrar.exe
rundll32.exe (no specs)
boratrat.exe (#ASYNCRAT)
client.exe (#ASYNCRAT)
cmd.exe (no specs)
conhost.exe (no specs)
systeminfo.exe (no specs)
tiworker.exe (no specs)
hostname.exe (no specs)
wmic.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
query.exe (no specs)
quser.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
wmic.exe (no specs)
tasklist.exe (no specs)
ipconfig.exe (no specs)
route.exe (no specs)
arp.exe (no specs)
netstat.exe (no specs)
sc.exe (no specs)
netsh.exe (no specs)
netsh.exe (no specs)
explorer.exe (no specs)
explorer.exe (no specs)
notepad.exe (no specs)
textinputhost.exe (no specs)
client.exe (no specs)

Process information

PID: 8
CMD: C:\WINDOWS\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\twinapi.dll
c:\windows\system32\msvcrt.dll

PID: 736
CMD: "C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Version: 123.26505.0.0
Modules
Images
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\textinputhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll

PID: 864
CMD: net localgroup administrators
Path: C:\Windows\System32\net.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mpr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll

PID: 1092
CMD: query user
Path: C:\Windows\System32\query.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: MultiUser Query Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\query.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\regapi.dll
c:\windows\system32\gdi32full.dll

PID: 1460
CMD: net user guest
Path: C:\Windows\System32\net.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mpr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll

PID: 1492
CMD: hostname
Path: C:\Windows\System32\HOSTNAME.EXE
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Hostname APP
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\hostname.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\napinsp.dll

PID: 1496
CMD: C:\WINDOWS\system32\net1 user guest
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\dsrole.dll

PID: 1744
CMD: "C:\WINDOWS\system32\quser.exe"
Path: C:\Windows\System32\quser.exe
Parent process: query.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Query User Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\quser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\utildll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msvcrt.dll

PID: 1792
CMD: C:\WINDOWS\system32\net1 user administrator
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ucrtbase.dll

PID: 1924
CMD: net user administrator
Path: C:\Windows\System32\net.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rpcrt4.dll

Total events: 32 168
Read events: 32 062
Write events: 100
Delete events: 6

Modification events

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Borat.7z

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000

(PID) Process: (2620) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\AppData\Local\Temp

Executable files: 26
Suspicious files: 3
Text files: 7
Unknown types: 1

Dropped files

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\ip2region.db
Type:
MD5:
SHA256:

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\BackupCertificate.zip
Type: compressed
MD5: 9322F71EDD95192E1F4D275BFD6D87F3
SHA256: F13033134C386E85A1E9009E863A3E6380438F83E3336B76A33E701A88F64946

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\Extra.dll
Type: executable
MD5: 62C231BAFA469AB04F090FCB4475D360
SHA256: 6A4F32B0228092CE68E8448C6F4B74B4C654F40FB2D462C1D6BBD4B4EF09053D

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\Information.dll
Type: executable
MD5: 87651B12453131DAFD3E91F60D8AEF5A
SHA256: A15D72D990686D06D89D7E11DF2B16BCD5719A40298C19D046FA22C40D56AF44

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\BoratRat.exe
Type: executable
MD5: 65B694D69D327EFE28FCBCE125401E96
SHA256: DE60ECBBFEF30C93FE8875EF69B358B20076D1F969FC3D21AB44D59DC9EF7CAB

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\MessagePackLib.dll
Type: executable
MD5: 590B00C87D5FF2FFE09079F0406EB2CD
SHA256: ADB00DEE751B4BA620D3B0E002F5B6D8B89CF63B062F74EC65BBA72294D553D1

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\Logger.dll
Type: executable
MD5: 872145B37D107144894C9AA8729BAD42
SHA256: 2F258949FD95DA6CD912BEB7203A9FD5E99D050309A40341DE67537EDB75AADC

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\Miscellaneous.dll
Type: executable
MD5: 509D41DA4A688A2E50FC8E3AFCA074C7
SHA256: F91973113FD01465999CE317F3E7A89DF8C91A5EFADCFA61E5CCCE687BF3580A

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\FileSearcher.dll
Type: executable
MD5: 0B7C33C5739903BA4F4B78C446773528
SHA256: 2D9625F41793F62BFE32C10B2D5E05668E321BCAF8B73414B3C31EF677B9BFF4

PID: 2620
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2620.48931\Borat\bin\FileManager.dll
Type: executable
MD5: 4CCD3DFB14FFDDDFA598D1096F0190EA
SHA256: 7F8A306826FCB0EE985A2B6D874C805F7F9B2062A1123EA4BB7F1EBA90FC1B81

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 65
DNS requests: 17
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
(each row lists the values present in the report, in their original order)

4384 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.200.189.225:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
4680 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | unknown
6408 | SIHClient.exe | GET | 200 | 23.200.189.225:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 92.123.180.147:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
6408 | SIHClient.exe | GET | 200 | 23.200.189.225:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | unknown
2908 | OfficeClickToRun.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | unknown
3976 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | unknown

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation
(each row lists the values present in the report, in their original order)

4364 | svchost.exe | 239.255.255.250:1900 | unknown
4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3708 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5140 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
4680 | SearchApp.exe | 2.18.29.224:443 | Akamai International B.V. | PL | unknown
4680 | SearchApp.exe | 2.18.29.218:443 | Akamai International B.V. | PL | unknown
4680 | SearchApp.exe | 2.18.29.209:443 | Akamai International B.V. | PL | unknown
4384 | svchost.exe | 20.190.159.4:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4384 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Columns: Domain | IP | Reputation

login.live.com | 20.190.159.4, 20.190.159.0, 40.126.31.71, 20.190.159.2, 20.190.159.68, 20.190.159.73, 20.190.159.75, 40.126.31.73 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
go.microsoft.com | 23.53.113.159 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
crl.microsoft.com | 92.123.180.147, 92.123.180.195 | whitelisted
www.microsoft.com | 23.200.189.225 | whitelisted
slscr.update.microsoft.com | 40.68.123.157 | whitelisted
arc.msn.com | 20.103.156.88 | whitelisted
fd.api.iris.microsoft.com | 20.74.47.205 | whitelisted
fe3cr.delivery.mp.microsoft.com | 20.242.39.171 | whitelisted

Threats

No threats detected
No debug info