File name:

pet pet 2.exe

Full analysis: https://app.any.run/tasks/97ab17ed-6ebf-4980-8763-3a088bb778a5
Verdict: Malicious activity
Analysis date: January 03, 2025, 21:24:48
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (console) Intel 80386, for MS Windows, 5 sections
MD5:

C267D57D1DBC5D7E85F9628262526DC1

SHA1:

235FD07BE5E6C78DAB2605889D54B681B6002582

SHA256:

DDE720ADCC360541C1ED4437987EA050DEC335CBB12FCAD2D265A4A1B058396F

SSDEEP:

3072:nCYa+0Nu6vQAkQ5S7JmyxCbBKhiTbMCvr:UQLi8NiTblvr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Request from PowerShell which ran from CMD.EXE

      • powershell.exe (PID: 6384)

  • SUSPICIOUS

    • Starts another process probably with elevated privileges via RUNAS.EXE

      • runas.exe (PID: 6328)

    • Starts CMD.EXE for commands execution

      • pet pet 2.exe (PID: 6592)
      • cmd.exe (PID: 6676)

    • Executing commands from a ".bat" file

      • pet pet 2.exe (PID: 6592)

    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 6676)

    • Application launched itself

      • cmd.exe (PID: 6676)

    • Checks for external IP

      • powershell.exe (PID: 6384)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 6544)

  • INFO

    • Checks supported languages

      • pet pet 2.exe (PID: 6592)

    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 2672)
      • cmd.exe (PID: 6676)

    • Checks proxy server information

      • powershell.exe (PID: 6384)

    • Creates files in the program directory

      • chrmstp.exe (PID: 4548)
      • chrome.exe (PID: 6212)

    • Application launched itself

      • chrmstp.exe (PID: 3652)
      • chrmstp.exe (PID: 4548)
      • chrome.exe (PID: 6212)

    • Sends debugging messages

      • chrome.exe (PID: 6216)

    • The process uses the downloaded file

      • chrome.exe (PID: 2432)
      • chrome.exe (PID: 5544)
      • chrome.exe (PID: 7164)
      • chrome.exe (PID: 1512)
      • chrome.exe (PID: 6760)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (41)
.exe | Win64 Executable (generic) (36.3)
.dll | Win32 Dynamic Link Library (generic) (8.6)
.exe | Win32 Executable (generic) (5.9)
.exe | Win16/32 Executable Delphi generic (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:07:30 08:52:45+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 2.5
CodeSize: 70656
InitializedDataSize: 25600
UninitializedDataSize: -
EntryPoint: 0x1000
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows command line
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
200
Monitored processes
68
Malicious processes
3
Suspicious processes
2

Behavior graph

Click at the process to see the details
start runas.exe no specs conhost.exe no specs pet pet 2.exe conhost.exe no specs cmd.exe no specs timeout.exe no specs timeout.exe no specs timeout.exe no specs timeout.exe no specs timeout.exe no specs timeout.exe no specs timeout.exe no specs openwith.exe no specs timeout.exe no specs cmd.exe no specs powershell.exe timeout.exe no specs timeout.exe no specs chrome.exe chrome.exe chrome.exe no specs timeout.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrmstp.exe no specs chrome.exe no specs chrome.exe no specs chrmstp.exe no specs chrome.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs timeout.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
204"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3904 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
420"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6204 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
512"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
536"C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff7482717e8,0x7ff7482717f4,0x7ff748271800C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exechrmstp.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\122.0.6261.70\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
640"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5144 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
644"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2348 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1344"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3048 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1476"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6636 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1512"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5612 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1512"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6568 --field-trial-handle=1924,i,17164979456807473124,2226850696288135103,262144 --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
19 653
Read events
19 616
Write events
37
Delete events
0

Modification events

(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CacheVersion
Value:
1
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CacheLimit
Value:
1
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D7D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CacheVersion
Value:
1
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CacheLimit
Value:
337920
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CacheVersion
Value:
1
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CacheLimit
Value:
1
(PID) Process:(6676) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
1
Suspicious files
423
Text files
106
Unknown types
15

Dropped files

PID
Process
Filename
Type
6384powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_gafahkmd.msk.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.dbbinary
MD5:419A089E66B9E18ADA06C459B000CB4D
SHA256:C48E42E9AB4E25B92C43A7B0416D463B9FF7C69541E4623A39513BC98085F424
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.dbbinary
MD5:2A8875D2AF46255DB8324AAD9687D0B7
SHA256:54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.dbbinary
MD5:419A089E66B9E18ADA06C459B000CB4D
SHA256:C48E42E9AB4E25B92C43A7B0416D463B9FF7C69541E4623A39513BC98085F424
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.dbbinary
MD5:D192F7C343602D02E3E020807707006E
SHA256:BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.dbbinary
MD5:54CD83F93EBFD2D11588E9CC9B1A7A51
SHA256:96F4B3E7AA32697695B0E816EF0F676F020EF9E6DC5D74409209D15947AA52CE
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.dbbinary
MD5:AE6FBDED57F9F7D048B95468DDEE47CA
SHA256:D3C9D1FF7B54B653C6A1125CAC49F52070338A2DD271817BBA8853E99C0F33A9
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.dbbinary
MD5:7A00F6804FBEE4298EFC896075173882
SHA256:3C0EB1FF4199D830398606076A12459EC0E3B516DEAA70A6AE0E5DDBB5079946
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.dbbinary
MD5:0C18F4ED1C24A7C1ED29FE5018EF62A7
SHA256:77406F31901A701697B4C44BD47B61E154AEC5EAAB68AC23A95626C49E935FF5
2672OpenWith.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.dbbinary
MD5:2A8875D2AF46255DB8324AAD9687D0B7
SHA256:54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
55
DNS requests
53
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7124
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6440
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6384
powershell.exe
GET
200
172.67.74.152:80
http://api.ipify.org/
unknown
malicious
3092
chrome.exe
GET
200
74.125.162.198:80
http://r1---sn-4g5ednds.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&met=1735939526,&mh=e_&mip=181.214.173.40&mm=28&mn=sn-4g5ednds&ms=nvh&mt=1735939216&mv=m&mvi=1&pl=24&rms=nvh,nvh&shardbypass=sd&smhost=r4---sn-4g5edndd.gvt1.com
unknown
whitelisted
3092
chrome.exe
GET
302
142.250.186.174:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7124
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
6072
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5064
SearchApp.exe
2.23.227.208:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1076
svchost.exe
184.28.89.167:443
go.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.bing.com
  • 2.23.227.208
  • 2.23.227.215
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
login.live.com
  • 40.126.32.68
  • 40.126.32.140
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.133
  • 40.126.32.74
  • 40.126.32.76
  • 40.126.32.136
  • 20.190.159.23
  • 20.190.159.75
  • 20.190.159.73
  • 40.126.31.67
  • 40.126.31.73
  • 40.126.31.69
  • 20.190.159.64
  • 20.190.159.71
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
api.ipify.org
  • 172.67.74.152
  • 104.26.13.205
  • 104.26.12.205
shared

Threats

PID
Process
Class
Message
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
6384
powershell.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup api.ipify.org
6384
powershell.exe
Device Retrieving External IP Address Detected
POLICY [ANY.RUN] External IP Lookup by HTTP (api .ipify .org)
6384
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
3092
chrome.exe
Potentially Bad Traffic
ET INFO Observed IP Tracking Domain (grabify .link in TLS SNI)
3092
chrome.exe
Potentially Bad Traffic
ET INFO Observed IP Tracking Domain (grabify .link in TLS SNI)
6384
powershell.exe
Device Retrieving External IP Address Detected
SUSPICIOUS [ANY.RUN] An IP address was received from the server as a result of an HTTP request
Process
Message
chrome.exe
[0103/212524.673:ERROR:crash_report_database_win.cc(613)] CreateDirectory C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Crashpad: The system cannot find the path specified. (0x3)
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
pet pet 2.exe