URL: https://anonfiles.com/m8NeC6n8za/rat_7z

Full analysis: https://app.any.run/tasks/3b1eea88-dc9e-4bc9-911e-b05534fec1d6
Verdict: Malicious activity
Analysis date: April 26, 2023, 17:38:58
OS: Windows 10 Professional (build: 19044, 32 bit)
Indicators:
MD5: 381C22A2BB3F4581C8C9E7F724D03F87
SHA1: B1563417A23BB2525CF61893B1A57861ACFD575E
SHA256: DABC4A34694FDF4045528AE7F5306B3C3B2E8EEDD417C33F3A2744E427D7BBFA
SSDEEP: 3:N8M2Tukpfrif:2M2Tuefr8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • msedge.exe (PID: 4352)
      • iexplore.exe (PID: 2012)
      • msedge.exe (PID: 3008)
    • The process checks LSA protection

      • identity_helper.exe (PID: 2240)
      • cookie_exporter.exe (PID: 5060)
      • identity_helper.exe (PID: 3324)
      • identity_helper.exe (PID: 2168)
      • conhost.exe (PID: 492)
      • notepad.exe (PID: 832)
    • Checks supported languages

      • identity_helper.exe (PID: 2240)
      • cookie_exporter.exe (PID: 5060)
      • identity_helper.exe (PID: 3324)
      • identity_helper.exe (PID: 2168)
    • Reads the computer name

      • identity_helper.exe (PID: 2240)
      • cookie_exporter.exe (PID: 5060)
      • identity_helper.exe (PID: 3324)
      • identity_helper.exe (PID: 2168)
    • Create files in a temporary directory

      • iexplore.exe (PID: 2012)
      • msedge.exe (PID: 2904)
      • msedge.exe (PID: 4352)
      • msedge.exe (PID: 3008)
    • Checks proxy server information

      • cookie_exporter.exe (PID: 5060)
    • Manual execution by a user

      • msedge.exe (PID: 3008)
      • WinRAR.exe (PID: 3316)
      • notepad.exe (PID: 832)
      • cmd.exe (PID: 3476)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 3316)
      • msedge.exe (PID: 4324)
      • msedge.exe (PID: 3008)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3316)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 166
Monitored processes: 88
Malicious processes: 0
Suspicious processes: 0


Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID: 184
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6028 --field-trial-handle=2064,i,4339846108237886071,5073646981828276440,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 204
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5716 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 316
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2012 CREDAT:3282190 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 476
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 492
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7944 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 492
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 516
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 --field-trial-handle=2064,i,4339846108237886071,5073646981828276440,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 628
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4636 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 832
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Downloads\rat\readme.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\notepad.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1060
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6288 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 45,100
Read events: 44,666
Write events: 400
Delete events: 34

Modification events

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: OperationalData
Value: 0C00000000000000

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
Operation: write
Name: CVListXMLVersionLow
Value: 395196024

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
Operation: write
Name: CVListXMLVersionHigh
Value: 268435456

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Spartan
Operation: write
Name: RAC_LaunchFlags
Value: 53

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write
Name: SoftwareFallback
Value: 0

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write
Name: VendorId
Value: 5140

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write
Name: DeviceId
Value: 140

(PID) Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write
Name: SubSysId
Value: 0
Executable files: 58
Suspicious files: 2,050
Text files: 743
Unknown types: 5

Dropped files

Columns: PID, Process, Filename, Type

PID: 4352 | Process: msedge.exe | Filename: C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\VARIATIONS | Type: binary
MD5: 67408267EF01ED6B9372F04C029B602A
SHA256: B5AA30B0D3E08F80F60EFFA00FE335D2295FA494B36F33A2E8D8C66E0A34234A

PID: 3212 | Process: iexplore.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE | Type: der
MD5: CCA0D061405B610F4AAA52488A4F3A0D
SHA256: B90418B37E24A13201982FD6981612A8C4E21608BD643FA731536C76D700CD58

PID: 3212 | Process: iexplore.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE | Type: binary
MD5: 6EDD903B1FC82CC6E6E5165500A37A29
SHA256: 2D3B5000DCF6127575306B84C810D3A5EB4A8F59CCA20750CBAA3135F2BF63BB

PID: 3212 | Process: iexplore.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | Type: der
MD5: 60FE01DF86BE2E5331B0CDBE86165686
SHA256: C08CCBC876CD5A7CDFA9670F9637DA57F6A1282198A9BC71FC7D7247A6E5B7A8

PID: 3212 | Process: iexplore.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | Type: binary
MD5: 9CC39EA748C651DB39BAAF3B7BD9A7AF
SHA256: 392AA28AE0802751FAD3EA55CDE08D9105EFC0FA4D5247E2FE81F4ED8C284941

PID: 3212 | Process: iexplore.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868 | Type: binary
MD5: 417E6D734460E5E4E79E2D888668E166
SHA256: 2E9547533D59D9FA9AF611941EED91AA3285906B847617072467A38F3AA2F3E5

PID: 3212 | Process: iexplore.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868 | Type: binary
MD5: 5BBFBC12F26E8535B02536724D44595E
SHA256: F18AB7EDBBE0E1905DD6FE3BD5C962940EFD93F24EA85859FBFBBE4709671CC6

PID: 3212 | Process: iexplore.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A11DD062BD6941BA904CE326B76441E7 | Type: binary
MD5: 26DC7C3BBFFCFC88F5BB8464318E5AD9
SHA256: 44B47796F6EE9A4E6ABEBC355EC2DE3D0616AA3F1294EA2A0E6723B85FA032CF

PID: 4352 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF31fd1e.TMP | Type: text
MD5: A520AAD39A5E8C45D6B8F5964BA9BE53
SHA256: C34FB65B47D1620209CDFD840592E5C1664BA88F56F03EE45A4E5FFD39D06379

PID: 4352 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index | Type: binary
MD5: 5F1D7796E3D3CF2BC1CBE81191FC9425
SHA256: 3B269CFD6E2F2BA9C714A72D157492D78F6DEA7C7AF82144D4CFBB857ED05525
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 46
TCP/UDP connections: 159
DNS requests: 172
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1216 | svchost.exe | HEAD | 200 | 67.27.158.254:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e51170b-7adf-40ab-83b6-5f97b13bedcb?P1=1683007894&P2=404&P3=2&P4=gAILZGjWJVsHbH%2fIKeyvJph7jOnktAfHljIEnazb4yKPg4TcMhBNVsOcJtp5AKycYf5ecjvaEx%2b1Q4QlMkN%2fJg%3d%3d | US | - | - | whitelisted
3212 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 B | whitelisted
3212 | iexplore.exe | GET | 200 | 23.56.202.135:80 | http://x1.c.lencr.org/ | GB | der | 717 B | whitelisted
1216 | svchost.exe | GET | 206 | 67.27.158.254:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e51170b-7adf-40ab-83b6-5f97b13bedcb?P1=1683007894&P2=404&P3=2&P4=gAILZGjWJVsHbH%2fIKeyvJph7jOnktAfHljIEnazb4yKPg4TcMhBNVsOcJtp5AKycYf5ecjvaEx%2b1Q4QlMkN%2fJg%3d%3d | US | binary | 1.09 KB | whitelisted
1600 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl | unknown | der | 564 B | whitelisted
2012 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 B | whitelisted
2012 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | binary | 1.47 KB | whitelisted
3212 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D | US | der | 471 B | whitelisted
3212 | iexplore.exe | GET | 200 | 2.16.186.10:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOI%2Fr6VlRk2IWfPujbwCtjKYg%3D%3D | unknown | binary | 503 B | shared
2248 | svchost.exe | GET | 200 | 95.101.54.128:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | der | 1.11 KB | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3212 | iexplore.exe | 45.154.253.151:443 | anonfiles.com | Svea Hosting AB | GB | suspicious
3212 | iexplore.exe | 104.103.88.140:443 | go.microsoft.com | AKAMAI-AS | AT | suspicious
3212 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
3212 | iexplore.exe | 2.16.186.10:80 | r3.o.lencr.org | Akamai International B.V. | DE | whitelisted
3212 | iexplore.exe | 23.56.202.135:80 | x1.c.lencr.org | AKAMAI-AS | GB | suspicious
3212 | iexplore.exe | 151.101.2.217:443 | vjs.zencdn.net | FASTLY | US | suspicious
3212 | iexplore.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
4108 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3212 | iexplore.exe | 104.18.21.226:80 | ocsp2.globalsign.com | CLOUDFLARENET | - | shared
3212 | iexplore.exe | 52.222.250.42:80 | ocsp.rootca1.amazontrust.com | AMAZON-02 | US | whitelisted

DNS requests

Domain | IP | Reputation
anonfiles.com | 45.154.253.151, 45.154.253.152, 45.154.253.150 | shared
go.microsoft.com | 104.103.88.140, 95.100.53.90 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
x1.c.lencr.org | 23.56.202.135 | whitelisted
r3.o.lencr.org | 2.16.186.10, 2.16.186.42, 2.16.186.26, 2.16.186.35, 2.16.186.40 | shared
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
vjs.zencdn.net | 151.101.2.217, 151.101.66.217, 151.101.130.217, 151.101.194.217 | whitelisted
config.edge.skype.com | 13.107.42.16 | malicious
ocsp2.globalsign.com | 104.18.21.226, 104.18.20.226 | whitelisted
djv99sxoqpv11.cloudfront.net | 13.224.194.221, 13.224.194.38, 13.224.194.125, 13.224.194.18 | shared

Threats

No threats detected
No debug info