File name: netcut.exe

Full analysis: https://app.any.run/tasks/54c7107e-dec9-4a9c-9bd8-45fb76741be2
Verdict: Malicious activity
Analysis date: March 11, 2024, 16:47:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: C1313BB01B36E3D1B4F698E6A5375D82
SHA1: 8EE32153EB23ACC8EC8C41AE2E274D2D5CD4722B
SHA256: C994C0053C51DB9AC4E6AD8E6FE547064ECCAEC2E9487E92BDAA1A77135483D0
SSDEEP: 98304:3+cD4dn53Vzxt8JHagoEsh0rEZO+FgmYXVz+MVKVMUQKLaV24gGp5T6c4znxqPCt:7safG

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore have been influenced by the analyst's own actions in the sandbox and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • netcut.exe (PID: 3652)
      • netcut.exe (PID: 3464)
      • netcut.tmp (PID: 3932)
      • WinPcap_4_1_3.exe (PID: 3276)
    • Creates a writable file in the system directory

      • WinPcap_4_1_3.exe (PID: 3276)
    • Starts NET.EXE for service management

      • WinPcap_4_1_3.exe (PID: 3276)
      • net.exe (PID: 3392)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • netcut.exe (PID: 3652)
      • netcut.exe (PID: 3464)
      • netcut.tmp (PID: 3932)
      • WinPcap_4_1_3.exe (PID: 3276)
    • Reads the Windows owner or organization settings

      • netcut.tmp (PID: 3932)
    • Process drops legitimate windows executable

      • netcut.tmp (PID: 3932)
    • The process drops C-runtime libraries

      • netcut.tmp (PID: 3932)
    • Drops a system driver (possible attempt to evade defenses)

      • WinPcap_4_1_3.exe (PID: 3276)
    • The process creates files with name similar to system file names

      • WinPcap_4_1_3.exe (PID: 3276)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • WinPcap_4_1_3.exe (PID: 3276)
    • Creates files in the driver directory

      • WinPcap_4_1_3.exe (PID: 3276)
    • Creates or modifies Windows services

      • WinPcap_4_1_3.exe (PID: 3276)
    • Creates a software uninstall entry

      • WinPcap_4_1_3.exe (PID: 3276)
    • Starts SC.EXE for service management

      • netcut.tmp (PID: 3932)
    • Starts CMD.EXE for commands execution

      • aips.exe (PID: 2064)
    • Reads the Internet Settings

      • netcut.tmp (PID: 3916)
    • Connects to unusual port

      • netcut_windows.exe (PID: 2156)
    • Non-standard symbols in registry

      • netcut.tmp (PID: 3932)
    • Executes as Windows Service

      • aips.exe (PID: 2064)
    • Reads security settings of Internet Explorer

      • aips.exe (PID: 2064)
  • INFO

    • Create files in a temporary directory

      • netcut.exe (PID: 3652)
      • netcut.exe (PID: 3464)
      • WinPcap_4_1_3.exe (PID: 3276)
    • Checks supported languages

      • netcut.exe (PID: 3652)
      • netcut.exe (PID: 3464)
      • netcut.tmp (PID: 3916)
      • netcut.tmp (PID: 3932)
      • WinPcap_4_1_3.exe (PID: 3276)
      • aips.exe (PID: 3488)
      • aips.exe (PID: 2064)
      • netcut_windows.exe (PID: 2152)
      • netcut_windows.exe (PID: 2156)
      • wmpnscfg.exe (PID: 3440)
    • Reads the computer name

      • netcut.tmp (PID: 3916)
      • netcut.tmp (PID: 3932)
      • WinPcap_4_1_3.exe (PID: 3276)
      • aips.exe (PID: 3488)
      • aips.exe (PID: 2064)
      • netcut_windows.exe (PID: 2156)
      • wmpnscfg.exe (PID: 3440)
    • Creates files in the program directory

      • netcut.tmp (PID: 3932)
      • WinPcap_4_1_3.exe (PID: 3276)
      • netcut_windows.exe (PID: 2156)
    • Creates files or folders in the user directory

      • netcut.tmp (PID: 3932)
    • Creates a software uninstall entry

      • netcut.tmp (PID: 3932)
    • Reads Environment values

      • WinPcap_4_1_3.exe (PID: 3276)
    • Application launched itself

      • msedge.exe (PID: 1556)
      • msedge.exe (PID: 3876)
      • msedge.exe (PID: 2336)
    • Reads the machine GUID from the registry

      • netcut_windows.exe (PID: 2156)
      • aips.exe (PID: 2064)
    • Manual execution by a user

      • msedge.exe (PID: 3876)
      • wmpnscfg.exe (PID: 3440)
      • msedge.exe (PID: 2336)
    • Checks proxy server information

      • aips.exe (PID: 2064)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3876)
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 133120
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: arcai.com
FileDescription: netcut Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: netcut
ProductVersion: 3.0.237
All screenshots are available in the full report
Total processes: 95
Monitored processes: 51
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Processes in start order as shown in the graph ("no specs" marks a process with no specific indicators attached; the long run of Edge child processes is collapsed):

start
netcut.exe
netcut.tmp (no specs)
netcut.exe
netcut.tmp
sc.exe (no specs)
winpcap_4_1_3.exe
net.exe (no specs)
net1.exe (no specs)
aips.exe (no specs)
aips.exe
cmd.exe (no specs)
netcut_windows.exe (no specs)
netcut_windows.exe
msedge.exe (many instances, most with no specs)
wmpnscfg.exe (no specs)
msedge.exe (further instances, no specs)

Process information

Each entry lists the PID, command line, image path, parent process, the account and integrity level it ran under, its exit code and version, and the first loaded modules.

PID: 448
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4680 --field-trial-handle=1280,i,2714832354086479217,6934507384718058629,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 572
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1532 --field-trial-handle=1280,i,2714832354086479217,6934507384718058629,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 764
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1292,i,5544909274463570534,11348770537426190435,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 796
CMD: C:\Windows\system32\cmd.exe /c "C:\Program Files\arcai.com\netcut_windows.exe" -v
Path: C:\Windows\System32\cmd.exe
Parent process: aips.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 840
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4328 --field-trial-handle=1280,i,2714832354086479217,6934507384718058629,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 844
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 --field-trial-handle=1280,i,2714832354086479217,6934507384718058629,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 896
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1556 --field-trial-handle=1292,i,5544909274463570534,11348770537426190435,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 992
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1292,i,5544909274463570534,11348770537426190435,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1036
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1280,i,2714832354086479217,6934507384718058629,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1216
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3388 --field-trial-handle=1280,i,2714832354086479217,6934507384718058629,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
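The process information above shows the pattern worth keeping from this run: aips.exe, installed into C:\Program Files\arcai.com by the netcut installer, executes as a Windows service, runs as SYSTEM and uses cmd.exe /c to start netcut_windows.exe -v (PID 796), while the installer netcut.tmp and the bundled WinPcap_4_1_3.exe drive service management through sc.exe and net.exe. Those installer-side actions, plus the driver drop, are what the MALICIOUS tier of the indicator list rests on; the network side of the report records no threat signature (Threats: 0). As an added example that is not part of the ANY.RUN report, the Python below encodes the three process-tree patterns as detection rules and runs them over a constructed set of process-creation events modelled on this page. The event set, rule names and helper functions are my own; image paths are taken from the dropped-files list and the PID 796 entry; the report does not give a PID for sc.exe (0 here) or the other command lines (left empty); the two control events with PIDs 9001 and 9002 are invented benign activity.

```python
import re

# Assumptions (not from the report): how to recognise the Windows directory,
# the service-management tools, the shells and the privileged account names.
WINDOWS_DIR = "c:\\windows\\"
SERVICE_TOOLS = {"sc.exe", "net.exe", "net1.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
PRIV_USERS = {"system", "nt authority\\system"}

# Constructed process-creation events modelled on this report. Paths for netcut.tmp,
# aips.exe and WinPcap_4_1_3.exe come from the dropped-files list; the PID 796 command
# line comes from the Process information entry. PID 0 marks the sc.exe launch whose PID
# the report does not list; empty command lines were not recorded. PIDs 9001 and 9002
# are invented benign controls.
EVENTS = [
    {"pid": 0, "image": r"C:\Windows\System32\sc.exe",
     "parent": r"C:\Users\admin\AppData\Local\Temp\is-E035F.tmp\netcut.tmp",
     "user": "admin", "cmdline": ""},
    {"pid": 3392, "image": r"C:\Windows\System32\net.exe",
     "parent": r"C:\Program Files\arcai.com\WinPcap_4_1_3.exe",
     "user": "admin", "cmdline": ""},
    {"pid": 796, "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Program Files\arcai.com\aips.exe", "user": "SYSTEM",
     "cmdline": r'C:\Windows\system32\cmd.exe /c "C:\Program Files\arcai.com\netcut_windows.exe" -v'},
    {"pid": 9001, "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe", "user": "admin",
     "cmdline": r'C:\Windows\system32\cmd.exe /c "C:\Program Files\arcai.com\netcut_windows.exe" -v'},
    {"pid": 9002, "image": r"C:\Windows\System32\net.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "user": "admin", "cmdline": ""},
]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def under_windows(path):
    return path.lower().startswith(WINDOWS_DIR)


def is_privileged(user):
    return user.lower() in PRIV_USERS


def quoted_target(cmdline):
    """Path quoted right after 'cmd.exe /c', or None if the line has no such form."""
    m = re.search(r'/c\s+"([^"]+)"', cmdline, re.IGNORECASE)
    return m.group(1) if m else None


def triage(events):
    """Return (rule, pid, detail) tuples for every event that matches a rule."""
    findings = []
    for ev in events:
        child, parent = basename(ev["image"]), basename(ev["parent"])
        # Rule 1: sc.exe / net.exe driven by a binary outside C:\Windows, the way
        # netcut.tmp and WinPcap_4_1_3.exe do in this run.
        if child in SERVICE_TOOLS and not under_windows(ev["parent"]):
            findings.append(("service_mgmt_from_non_windows_parent", ev["pid"], parent))
        # Rule 2: a SYSTEM-level shell whose parent is a third-party service binary
        # (aips.exe -> cmd.exe).
        if child in SHELLS and is_privileged(ev["user"]) and not under_windows(ev["parent"]):
            findings.append(("system_shell_from_third_party_service", ev["pid"], parent))
        # Rule 3: that shell used only as a proxy to start another non-Windows binary
        # with SYSTEM rights (netcut_windows.exe -v). The identical command line run
        # by an interactive user (control event 9001) does not fire.
        target = quoted_target(ev["cmdline"]) if child in SHELLS else None
        if target and is_privileged(ev["user"]) and not under_windows(target):
            findings.append(("system_shell_proxies_third_party_exe", ev["pid"], basename(target)))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage(EVENTS):
        print(f"{rule:40} pid={pid:<5} {detail}")
```

Run stand-alone it prints four findings: two for rule 1 (netcut.tmp and winpcap_4_1_3.exe), one for rule 2 and one for rule 3, both on PID 796; the two control events stay silent. Parent-path and account checks are deliberately combined, because a bare "cmd.exe launches something in Program Files" rule would page on every interactive user.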
Total events: 22 660
Read events: 22 494
Write events: 137
Delete events: 29

Modification events

PID | Process | Operation | Key | Name | Value
3932 | netcut.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Owner | 5C0F00007C3953D8D373DA01
3932 | netcut.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | SessionHash | F6114ADCFDE6C7382EC04ADBE7CD18AC73CA6E9D5DF1A0F65D14E07CC8D8D4A0
3932 | netcut.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Sequence | 1
3932 | netcut.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 | C:\Program Files\arcai.com\aips.exe
3932 | netcut.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | RegFilesHash | BFBD0C8C3E1964F78FD363E13B3145F251C0CF28E83D36AF1EA719178765B977
3932 | netcut.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1 | Inno Setup: Setup Version | 6.2.2
3932 | netcut.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1 | Inno Setup: App Path | C:\Program Files\arcai.com
3932 | netcut.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1 | InstallLocation | C:\Program Files\arcai.com\
3932 | netcut.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1 | Inno Setup: Icon Group | netcut
3932 | netcut.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1 | Inno Setup: User | admin
Executable files: 28
Suspicious files: 86
Text files: 129
Unknown types: 77

Dropped files

PID | Process | Filename | Type
3932 | netcut.tmp | C:\Program Files\arcai.com\is-RMJU1.tmp | executable
  MD5: C33757BE34CF9445947E0EC73F2AB97C
  SHA256: 8F762E1DD0F984B4E68BB005580CE2C5F422C05726F61FB6BE9D85F4C3F9F0C6
3932 | netcut.tmp | C:\Program Files\arcai.com\is-3K9NQ.tmp | executable
  MD5: 2BE7DC4A60ACB97A1BDC948C3AE0ADA2
  SHA256: FA8C039995D16F47B0E959CEB9B3C0A9D22DEE14C07F172D884F2B2FA00E37DE
3932 | netcut.tmp | C:\Program Files\arcai.com\msvcp120.dll | executable
  MD5: FD5CABBE52272BD76007B68186EBAF00
  SHA256: 87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
3932 | netcut.tmp | C:\Program Files\arcai.com\is-EF157.tmp | executable
  MD5: FD5CABBE52272BD76007B68186EBAF00
  SHA256: 87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
3932 | netcut.tmp | C:\Program Files\arcai.com\aips.exe | executable
  MD5: 2BE7DC4A60ACB97A1BDC948C3AE0ADA2
  SHA256: FA8C039995D16F47B0E959CEB9B3C0A9D22DEE14C07F172D884F2B2FA00E37DE
3932 | netcut.tmp | C:\Program Files\arcai.com\netcut_windows.exe | executable
  MD5: 7156CD604D1D8FA0367ACD8A32B1AEA6
  SHA256: 73F05D2C830A3935B6F9A523E1F47B5CECFD4C26C4C4366F9A8B3A24A70197CC
3652 | netcut.exe | C:\Users\admin\AppData\Local\Temp\is-E035F.tmp\netcut.tmp | executable
  MD5: C33757BE34CF9445947E0EC73F2AB97C
  SHA256: 8F762E1DD0F984B4E68BB005580CE2C5F422C05726F61FB6BE9D85F4C3F9F0C6
3932 | netcut.tmp | C:\Program Files\arcai.com\is-KFB80.tmp | executable
  MD5: 7156CD604D1D8FA0367ACD8A32B1AEA6
  SHA256: 73F05D2C830A3935B6F9A523E1F47B5CECFD4C26C4C4366F9A8B3A24A70197CC
3932 | netcut.tmp | C:\Program Files\arcai.com\is-UGU80.tmp | executable
  MD5: A11A2F0CFE6D0B4C50945989DB6360CD
  SHA256: FC4623B113A1F603C0D9AD5F83130BD6DE1C62B973BE9892305132389C8588DE
3932 | netcut.tmp | C:\Program Files\arcai.com\WinPcap_4_1_3.exe | executable
  MD5: A11A2F0CFE6D0B4C50945989DB6360CD
  SHA256: FC4623B113A1F603C0D9AD5F83130BD6DE1C62B973BE9892305132389C8588DE
HTTP(S) requests: 1
TCP/UDP connections: 97
DNS requests: 101
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
2064 | aips.exe | GET | 200 | 188.114.96.3:80 | http://www.arcai.com/netCut/Update3.php?query=bmFtZT1uZXRjdXRfd2luZG93cy5leGU6dmVyc2lvbj0yMzc= | unknown | text | 12 b | unknown

The query parameter is plain base64 and decodes to name=netcut_windows.exe:version=237, a version check that matches the ProductVersion 3.0.237 in the file's version resource. It is the only HTTP request in the run and goes out unencrypted on port 80 from aips.exe, the service whose child cmd.exe ran as SYSTEM, so the 12-byte reply is open to tampering by anyone on the path; the later connections from netcut_windows.exe to www.arcai.com and load.arcai.com use port 443.
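As an added example that is not part of the ANY.RUN report, the script below turns two parts of this page into hunting data: it groups the dropped-files list by SHA256, so the Inno Setup staging copies (is-XXXXX.tmp) collapse onto their final names and the five distinct binaries remain, and it decodes the base64 query of the aips.exe update check recorded above. The records and the URL are copied from this page; the function names and the staging heuristic are my own.

```python
import base64
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Dropped-file records copied from the report: (PID, process, path, SHA256).
DROPPED = [
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\is-RMJU1.tmp",
     "8F762E1DD0F984B4E68BB005580CE2C5F422C05726F61FB6BE9D85F4C3F9F0C6"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\is-3K9NQ.tmp",
     "FA8C039995D16F47B0E959CEB9B3C0A9D22DEE14C07F172D884F2B2FA00E37DE"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\msvcp120.dll",
     "87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\is-EF157.tmp",
     "87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\aips.exe",
     "FA8C039995D16F47B0E959CEB9B3C0A9D22DEE14C07F172D884F2B2FA00E37DE"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\netcut_windows.exe",
     "73F05D2C830A3935B6F9A523E1F47B5CECFD4C26C4C4366F9A8B3A24A70197CC"),
    (3652, "netcut.exe", r"C:\Users\admin\AppData\Local\Temp\is-E035F.tmp\netcut.tmp",
     "8F762E1DD0F984B4E68BB005580CE2C5F422C05726F61FB6BE9D85F4C3F9F0C6"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\is-KFB80.tmp",
     "73F05D2C830A3935B6F9A523E1F47B5CECFD4C26C4C4366F9A8B3A24A70197CC"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\is-UGU80.tmp",
     "FC4623B113A1F603C0D9AD5F83130BD6DE1C62B973BE9892305132389C8588DE"),
    (3932, "netcut.tmp", r"C:\Program Files\arcai.com\WinPcap_4_1_3.exe",
     "FC4623B113A1F603C0D9AD5F83130BD6DE1C62B973BE9892305132389C8588DE"),
]

# The aips.exe update check from the HTTP requests table.
BEACON_URL = ("http://www.arcai.com/netCut/Update3.php"
              "?query=bmFtZT1uZXRjdXRfd2luZG93cy5leGU6dmVyc2lvbj0yMzc=")


def filename(path):
    return path.rsplit("\\", 1)[-1]


def is_inno_staging(path):
    """Heuristic: Inno Setup writes each payload as is-XXXXX.tmp, then renames it."""
    name = filename(path).lower()
    return name.startswith("is-") and name.endswith(".tmp")


def group_by_hash(records):
    """{sha256: {"final": [paths], "staging": [paths]}} over the dropped files."""
    groups = defaultdict(lambda: {"final": [], "staging": []})
    for _pid, _proc, path, sha in records:
        bucket = "staging" if is_inno_staging(path) else "final"
        groups[sha.upper()][bucket].append(path)
    return dict(groups)


def unique_payloads(records):
    """One entry per distinct binary: sha256 -> final file name (staging name if none)."""
    result = {}
    for sha, g in group_by_hash(records).items():
        source = g["final"][0] if g["final"] else g["staging"][0]
        result[sha] = filename(source)
    return result


def decode_beacon(url):
    """Plaintext of the base64 'query' parameter; tolerates a copy that lost '=' padding."""
    raw = parse_qs(urlparse(url).query)["query"][0]
    raw += "=" * (-len(raw) % 4)
    return base64.b64decode(raw).decode("ascii")


if __name__ == "__main__":
    for sha, name in unique_payloads(DROPPED).items():
        print(f"{sha}  {name}")
    print("update check sends:", decode_beacon(BEACON_URL))
```

The ten dropped-file rows reduce to five hashes (the installer loader netcut.tmp, aips.exe, msvcp120.dll, netcut_windows.exe and WinPcap_4_1_3.exe), which is the list to feed into a hash hunt rather than the raw table with its is-*.tmp duplicates. The decoded beacon shows that the "unusual port" and update traffic carry nothing more than the product name and build number in this run.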

Connections

PID | Process | Remote address | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
- | - | 224.0.0.252:5355 | | | | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
1728 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1556 | msedge.exe | 239.255.255.250:1900 | | | | unknown
1728 | msedge.exe | 188.114.96.3:443 | www.arcai.com | CLOUDFLARENET | NL | unknown
1728 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2156 | netcut_windows.exe | 188.114.96.3:443 | www.arcai.com | CLOUDFLARENET | NL | unknown
2156 | netcut_windows.exe | 172.105.129.132:443 | load.arcai.com | Linode, LLC | US | unknown

DNS requests

Domain
IP
Reputation
www.arcai.com
  • 188.114.96.3
  • 188.114.97.3
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
load.arcai.com
  • 172.105.129.132
unknown
accounts.google.com
  • 66.102.1.84
shared
js.stripe.com
  • 66.102.1.84
  • 151.101.192.176
  • 151.101.128.176
  • 151.101.0.176
  • 151.101.64.176
shared
fonts.googleapis.com
  • 142.250.186.42
whitelisted
maxcdn.bootstrapcdn.com
  • 104.18.10.207
  • 104.18.11.207
whitelisted
fonts.gstatic.com
  • 142.250.186.67
whitelisted
www.googletagmanager.com
  • 142.250.185.200
whitelisted

Threats

No threats detected
No debug info