URL: https://anonfiles.com/m8NeC6n8za/rat_7z

Full analysis: https://app.any.run/tasks/3b1eea88-dc9e-4bc9-911e-b05534fec1d6
Verdict: Malicious activity
Analysis date: April 26, 2023, 17:38:58
OS: Windows 10 Professional (build: 19044, 32 bit)
Indicators:
MD5: 381C22A2BB3F4581C8C9E7F724D03F87
SHA1: B1563417A23BB2525CF61893B1A57861ACFD575E
SHA256: DABC4A34694FDF4045528AE7F5306B3C3B2E8EEDD417C33F3A2744E427D7BBFA
SSDEEP: 3:N8M2Tukpfrif:2M2Tuefr8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • msedge.exe (PID: 4352)
      • iexplore.exe (PID: 2012)
      • msedge.exe (PID: 3008)
    • Reads the computer name

      • identity_helper.exe (PID: 2240)
      • cookie_exporter.exe (PID: 5060)
      • identity_helper.exe (PID: 3324)
      • identity_helper.exe (PID: 2168)
    • Create files in a temporary directory

      • msedge.exe (PID: 2904)
      • iexplore.exe (PID: 2012)
      • msedge.exe (PID: 4352)
      • msedge.exe (PID: 3008)
    • Checks supported languages

      • identity_helper.exe (PID: 2240)
      • identity_helper.exe (PID: 2168)
      • cookie_exporter.exe (PID: 5060)
      • identity_helper.exe (PID: 3324)
    • Manual execution by a user

      • msedge.exe (PID: 3008)
      • WinRAR.exe (PID: 3316)
      • notepad.exe (PID: 832)
      • cmd.exe (PID: 3476)
    • The process checks LSA protection

      • identity_helper.exe (PID: 2240)
      • identity_helper.exe (PID: 2168)
      • cookie_exporter.exe (PID: 5060)
      • identity_helper.exe (PID: 3324)
      • conhost.exe (PID: 492)
      • notepad.exe (PID: 832)
    • Checks proxy server information

      • cookie_exporter.exe (PID: 5060)
    • The process uses the downloaded file

      • msedge.exe (PID: 4324)
      • WinRAR.exe (PID: 3316)
      • msedge.exe (PID: 3008)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3316)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 166
Monitored processes: 88
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Process nodes, in order of appearance: start, iexplore.exe (3 instances), ie_to_edge_stub.exe (4 instances), msedge.exe (numerous renderer, utility and GPU child processes), identity_helper.exe (6 instances), cookie_exporter.exe, winrar.exe (2 instances), notepad.exe, cmd.exe, conhost.exe. Most nodes are marked "no specs" in the original graph; the interactive graph itself is available in the full report.

Process information

PID: 184
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6028 --field-trial-handle=2064,i,4339846108237886071,5073646981828276440,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 204
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5716 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 316
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2012 CREDAT:3282190 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 476
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 492
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7944 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 492
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 516
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 --field-trial-handle=2064,i,4339846108237886071,5073646981828276440,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 628
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4636 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 832
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Downloads\rat\readme.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\notepad.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1060
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6288 --field-trial-handle=2068,i,11045969991250828069,15448768101861926517,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 45 100
Read events: 44 666
Write events: 400
Delete events: 34

Modification events

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix | Value: Cookie:

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix | Value: Visited:

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write | Name: OperationalData | Value: 0C00000000000000

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
Operation: write | Name: CVListXMLVersionLow | Value: 395196024

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
Operation: write | Name: CVListXMLVersionHigh | Value: 268435456

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Spartan
Operation: write | Name: RAC_LaunchFlags | Value: 53

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write | Name: SoftwareFallback | Value: 0

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write | Name: VendorId | Value: 5140

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write | Name: DeviceId | Value: 140

Process: (2012) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation: write | Name: SubSysId | Value: 0
Executable files: 58
Suspicious files: 2 050
Text files: 743
Unknown types: 5

Dropped files

PID 3212, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\XPIOF5VQ\v1[1].xml (type: xml)
  MD5: 3BE1E8CC5B79629EF058118D9E1BAD30
  SHA256: 7E3237785C5D6368C781E9545F31BB0BF77B10E44C0FBC3EDBBE780F1F8DBC38
PID 4352, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0 (type: vxd)
  MD5: CF89D16BB9107C631DAABF0C0EE58EFB
  SHA256: D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
PID 4352, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3 (type: vxd)
  MD5: 41876349CB12D6DB992F1309F22DF3F0
  SHA256: E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
PID 3212, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 (type: binary)
  MD5: 9CC39EA748C651DB39BAAF3B7BD9A7AF
  SHA256: 392AA28AE0802751FAD3EA55CDE08D9105EFC0FA4D5247E2FE81F4ED8C284941
PID 4352, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF31fd1e.TMP (type: text)
  MD5: A520AAD39A5E8C45D6B8F5964BA9BE53
  SHA256: C34FB65B47D1620209CDFD840592E5C1664BA88F56F03EE45A4E5FFD39D06379
PID 4352, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version (type: text)
  MD5: D6DB6EA02FE506F2DA98F1C137243587
  SHA256: 126173A7D7D0F54A9FCE5465180BC49DB023E723A41BB55A0F9497BE76FBAA28
PID 3212, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE (type: der)
  MD5: CCA0D061405B610F4AAA52488A4F3A0D
  SHA256: B90418B37E24A13201982FD6981612A8C4E21608BD643FA731536C76D700CD58
PID 4352, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2 (type: binary)
  MD5: 0962291D6D367570BEE5454721C17E11
  SHA256: EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
PID 3212, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE (type: binary)
  MD5: 6EDD903B1FC82CC6E6E5165500A37A29
  SHA256: 2D3B5000DCF6127575306B84C810D3A5EB4A8F59CCA20750CBAA3135F2BF63BB
PID 3212, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A11DD062BD6941BA904CE326B76441E7 (type: binary)
  MD5: 026ADDD968F99EAEA16C23AD412EB0D2
  SHA256: 1F45827AE641BA58245D678E3F4D55E3C17D8EE02CCCA70CC8B0BC5B4D9F938A
HTTP(S) requests: 46
TCP/UDP connections: 159
DNS requests: 172
Threats: 0

HTTP requests

PID 1216, svchost.exe: HEAD, HTTP 200, 67.27.158.254:80, CN: US, reputation: whitelisted
  URL: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e51170b-7adf-40ab-83b6-5f97b13bedcb?P1=1683007894&P2=404&P3=2&P4=gAILZGjWJVsHbH%2fIKeyvJph7jOnktAfHljIEnazb4yKPg4TcMhBNVsOcJtp5AKycYf5ecjvaEx%2b1Q4QlMkN%2fJg%3d%3d
PID 3212, iexplore.exe: GET, HTTP 200, 192.229.221.95:80, CN: US, type: der, size: 471 b, reputation: whitelisted
  URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
PID 3212, iexplore.exe: GET, HTTP 200, 2.16.186.10:80, CN: unknown, type: binary, size: 503 b, reputation: shared
  URL: http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOI%2Fr6VlRk2IWfPujbwCtjKYg%3D%3D
PID 3212, iexplore.exe: GET, HTTP 200, 192.229.221.95:80, CN: US, type: der, size: 471 b, reputation: whitelisted
  URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
PID 2248, svchost.exe: GET, HTTP 200, 95.101.54.128:80, CN: DE, type: der, size: 1.11 Kb, reputation: whitelisted
  URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
PID 1216, svchost.exe: GET, HTTP 206, 67.27.158.254:80, CN: US, type: binary, size: 89.7 Kb, reputation: whitelisted
  URL: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e51170b-7adf-40ab-83b6-5f97b13bedcb?P1=1683007894&P2=404&P3=2&P4=gAILZGjWJVsHbH%2fIKeyvJph7jOnktAfHljIEnazb4yKPg4TcMhBNVsOcJtp5AKycYf5ecjvaEx%2b1Q4QlMkN%2fJg%3d%3d
PID 1216, svchost.exe: HEAD, HTTP 200, 67.27.158.254:80, CN: US, type: binary, size: 48.2 Kb, reputation: whitelisted
  URL: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b13f8a8d-379e-4a91-983b-852a8da78da0?P1=1683007895&P2=404&P3=2&P4=iKB1ACfah8Hol%2flsCMeioOja2iO6FmyRVGjwGcTz4p00RUl8phWwKbXZnqGHLbCrm14IRdv%2b%2buAfNQatK5uYbw%3d%3d
PID 1216, svchost.exe: GET, HTTP 206, 67.27.158.254:80, CN: US, type: binary, size: 48.2 Kb, reputation: whitelisted
  URL: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e51170b-7adf-40ab-83b6-5f97b13bedcb?P1=1683007894&P2=404&P3=2&P4=gAILZGjWJVsHbH%2fIKeyvJph7jOnktAfHljIEnazb4yKPg4TcMhBNVsOcJtp5AKycYf5ecjvaEx%2b1Q4QlMkN%2fJg%3d%3d
PID 1216, svchost.exe: GET, HTTP 206, 67.27.158.254:80, CN: US, type: binary, size: 1.09 Kb, reputation: whitelisted
  URL: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e51170b-7adf-40ab-83b6-5f97b13bedcb?P1=1683007894&P2=404&P3=2&P4=gAILZGjWJVsHbH%2fIKeyvJph7jOnktAfHljIEnazb4yKPg4TcMhBNVsOcJtp5AKycYf5ecjvaEx%2b1Q4QlMkN%2fJg%3d%3d
PID 1600, svchost.exe: GET, HTTP 200, 88.221.169.152:80, CN: unknown, type: der, size: 564 b, reputation: whitelisted
  URL: http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl

Connections

PID 3212, iexplore.exe: 45.154.253.151:443, anonfiles.com (Svea Hosting AB, CN: GB), reputation: suspicious
PID 3212, iexplore.exe: 204.79.197.239:443, edge.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, CN: US), reputation: unknown
PID 3212, iexplore.exe: 151.101.2.217:443, vjs.zencdn.net (FASTLY, CN: US), reputation: suspicious
PID 4108, msedge.exe: 13.107.42.16:443, config.edge.skype.com (MICROSOFT-CORP-MSN-AS-BLOCK, CN: US), reputation: whitelisted
PID 4108, msedge.exe: 204.79.197.239:443, edge.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, CN: US), reputation: unknown
PID 4108, msedge.exe: 13.107.21.239:443, edge.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, CN: US), reputation: unknown
PID 3212, iexplore.exe: 104.18.21.226:80, ocsp2.globalsign.com (CLOUDFLARENET), reputation: shared
PID 2012, iexplore.exe: 45.154.253.151:443, anonfiles.com (Svea Hosting AB, CN: GB), reputation: suspicious
PID 3212, iexplore.exe: 52.222.250.42:80, ocsp.rootca1.amazontrust.com (AMAZON-02, CN: US), reputation: whitelisted
PID 3212, iexplore.exe: 192.229.221.95:80, ocsp.digicert.com (EDGECAST, CN: US), reputation: whitelisted

DNS requests

anonfiles.com: 45.154.253.151, 45.154.253.152, 45.154.253.150 (reputation: shared)
go.microsoft.com: 104.103.88.140, 95.100.53.90 (reputation: whitelisted)
ocsp.digicert.com: 192.229.221.95 (reputation: whitelisted)
x1.c.lencr.org: 23.56.202.135 (reputation: whitelisted)
r3.o.lencr.org: 2.16.186.10, 2.16.186.42, 2.16.186.26, 2.16.186.35, 2.16.186.40 (reputation: shared)
edge.microsoft.com: 204.79.197.239, 13.107.21.239 (reputation: whitelisted)
vjs.zencdn.net: 151.101.2.217, 151.101.66.217, 151.101.130.217, 151.101.194.217 (reputation: whitelisted)
config.edge.skype.com: 13.107.42.16 (reputation: malicious)
ocsp2.globalsign.com: 104.18.21.226, 104.18.20.226 (reputation: whitelisted)
djv99sxoqpv11.cloudfront.net: 13.224.194.221, 13.224.194.38, 13.224.194.125, 13.224.194.18 (reputation: shared)

Threats

No threats detected
No debug info