File name: Ultimate Windows Tweaker Pack.rar
Full analysis: https://app.any.run/tasks/895b3a62-3fe3-4feb-b876-3274f384cb7d
Verdict: Malicious activity
Analysis date: June 01, 2024, 14:11:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: CE43620F81C1AC6644A6694B8CF3F00F
SHA1: CD60E000D8F41D05D5D6404F556F52CB3B4AFF45
SHA256: E1C803F0488A0B4E9E1B47FDCA446732790AA2FA24057158D189C6D4502D261B
SSDEEP: 24576:7SWSpXbv6+qEgx7JCqAoDGHg+bndWq75nfPYQv1:7tSpXbv6+qEgx7JZAoDGHjdWq75nfPYI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3976)
    • Starts NET.EXE to view/add/change user profiles

      • net.exe (PID: 3928)
      • cmd.exe (PID: 3676)
      • net.exe (PID: 3700)
      • cmd.exe (PID: 1640)
    • Changes Windows Error Reporting flag

      • Ultimate Windows Tweaker.exe (PID: 1368)
    • Disables the Command Prompt (cmd)

      • Ultimate Windows Tweaker.exe (PID: 1368)
    • Changes the autorun value in the registry

      • Ultimate Windows Tweaker.exe (PID: 1368)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 2188)
    • Searches for installed software

      • dllhost.exe (PID: 2136)
    • Starts CMD.EXE for commands execution

      • Ultimate Windows Tweaker.exe (PID: 1368)
    • Reads the Internet Settings

      • Ultimate Windows Tweaker.exe (PID: 1368)
    • Reads the Windows owner or organization settings

      • Ultimate Windows Tweaker.exe (PID: 1368)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2244)
      • msedge.exe (PID: 3080)
      • msedge.exe (PID: 2796)
      • WinRAR.exe (PID: 2732)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3976)
      • WinRAR.exe (PID: 2244)
      • WinRAR.exe (PID: 2732)
    • Checks supported languages

      • Ultimate Windows Tweaker 4.8.exe (PID: 2464)
      • Ultimate Windows Tweaker 4.8.exe (PID: 2664)
      • Ultimate Windows Tweaker 4.8.exe (PID: 1028)
      • wmpnscfg.exe (PID: 3816)
      • Ultimate Windows Tweaker.exe (PID: 1368)
    • Reads the computer name

      • Ultimate Windows Tweaker 4.8.exe (PID: 2464)
      • Ultimate Windows Tweaker 4.8.exe (PID: 2664)
      • Ultimate Windows Tweaker 4.8.exe (PID: 1028)
      • wmpnscfg.exe (PID: 3816)
      • Ultimate Windows Tweaker.exe (PID: 1368)
    • Manual execution by a user

      • Ultimate Windows Tweaker 4.8.exe (PID: 2464)
      • notepad.exe (PID: 2188)
      • Ultimate Windows Tweaker 4.8.exe (PID: 1928)
      • WinRAR.exe (PID: 2244)
      • Ultimate Windows Tweaker 4.8.exe (PID: 2548)
      • Ultimate Windows Tweaker 4.8.exe (PID: 2664)
      • Ultimate Windows Tweaker 4.8.exe (PID: 1240)
      • Ultimate Windows Tweaker 4.8.exe (PID: 1028)
      • msedge.exe (PID: 2796)
      • wmpnscfg.exe (PID: 3816)
      • Ultimate Windows Tweaker.exe (PID: 4056)
      • Ultimate Windows Tweaker.exe (PID: 1368)
      • cmd.exe (PID: 3784)
      • notepad.exe (PID: 3848)
    • Reads the machine GUID from the registry

      • Ultimate Windows Tweaker 4.8.exe (PID: 2464)
      • Ultimate Windows Tweaker 4.8.exe (PID: 2664)
      • Ultimate Windows Tweaker.exe (PID: 1368)
      • Ultimate Windows Tweaker 4.8.exe (PID: 1028)
    • Application launched itself

      • msedge.exe (PID: 2796)
    • The process uses the downloaded file

      • msedge.exe (PID: 2264)
      • WinRAR.exe (PID: 2732)
    • Reads the time zone

      • net1.exe (PID: 3804)
      • net1.exe (PID: 2524)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
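The MALICIOUS signatures above name three registry changes by Ultimate Windows Tweaker.exe (PID 1368) and a chain of cmd.exe and net.exe launches. The Python below is an added triage example, not code from the report or from ANY.RUN: it evaluates a registry snapshot and a list of process-creation events against those behaviours. The registry paths are the standard Windows locations for the DisableCMD policy, the Windows Error Reporting Disabled flag and the Run keys; the snapshot contents, the command lines and the parent PID 1234 are constructed for the example (PIDs 1368, 3676, 3928 and 3804 follow the report's process list, but the report does not show their command lines or the registry data written).

```python
"""Added triage example (not from the report): evaluate a registry snapshot and
process-creation events against the behaviours the MALICIOUS section names."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Standard Windows registry locations behind the three registry signatures.
SYSTEM_POLICY_KEY = r"HKCU\Software\Policies\Microsoft\Windows\System"  # value DisableCMD
WER_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting"     # value Disabled
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Autorun targets under user-writable directories deserve a second look.
USER_WRITABLE = re.compile(r'^"?C:\\Users\\[^\\]+\\(?:Desktop|Downloads|AppData)\\', re.I)
NET_ACCOUNT_VERBS = {"user", "localgroup", "group", "accounts"}
NET_MODIFY_SWITCHES = {"/add", "/delete", "/active:no", "/active:yes"}


@dataclass
class Finding:
    signature: str   # wording follows the report's signature names
    evidence: str


@dataclass
class ProcEvent:
    pid: int
    image: str
    cmdline: str
    parent_pid: int


def check_registry(snapshot: dict[str, dict[str, object]]) -> list[Finding]:
    """snapshot maps a key path to its {value name: data} pairs."""
    findings: list[Finding] = []
    disable_cmd = snapshot.get(SYSTEM_POLICY_KEY, {}).get("DisableCMD")
    if disable_cmd in (1, 2):  # 1 blocks interactive cmd.exe, 2 also blocks batch files
        findings.append(Finding("Disables the Command Prompt (cmd)",
                                f"{SYSTEM_POLICY_KEY}\\DisableCMD = {disable_cmd}"))
    if snapshot.get(WER_KEY, {}).get("Disabled") == 1:
        findings.append(Finding("Changes Windows Error Reporting flag",
                                f"{WER_KEY}\\Disabled = 1"))
    for key in RUN_KEYS:
        for name, data in snapshot.get(key, {}).items():
            if isinstance(data, str) and USER_WRITABLE.match(data):
                findings.append(Finding("Changes the autorun value in the registry",
                                        f"{key}\\{name} = {data}"))
    return findings


def check_net_launches(events: list[ProcEvent]) -> list[Finding]:
    """Flag net.exe account commands and report the parent chain that led to them."""
    by_pid = {e.pid: e for e in events}
    findings: list[Finding] = []
    for ev in events:
        image = ev.image.lower()
        args = ev.cmdline.split()
        if image not in ("net.exe", "net1.exe") or len(args) < 2:
            continue
        parent = by_pid.get(ev.parent_pid)
        if image == "net1.exe" and parent is not None and parent.image.lower() == "net.exe":
            continue  # net.exe hands the same command to net1.exe; count it once
        if args[1].lower() not in NET_ACCOUNT_VERBS:
            continue
        chain, cur = [ev.image], parent
        while cur is not None:  # walk up until the parent is outside the event set
            chain.append(cur.image)
            cur = by_pid.get(cur.parent_pid)
        verb = "changes" if any(a.lower() in NET_MODIFY_SWITCHES for a in args) else "views"
        findings.append(Finding("Starts NET.EXE to view/add/change user profiles",
                                f"{verb} accounts: {ev.cmdline} (chain: {' <- '.join(chain)})"))
    return findings


# Constructed sample data. PIDs 1368, 3676, 3928 and 3804 follow the report's
# process list; registry data, command lines and parent PID 1234 are illustrative.
SAMPLE_REGISTRY = {
    SYSTEM_POLICY_KEY: {"DisableCMD": 2},
    WER_KEY: {"Disabled": 1},
    RUN_KEYS[0]: {
        "SamplePersist": r'"C:\Users\admin\Desktop\UWT v2.2\Ultimate Windows Tweaker.exe"',
        "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    },
}
SAMPLE_EVENTS = [
    ProcEvent(1368, "Ultimate Windows Tweaker.exe",
              r'"C:\Users\admin\Desktop\UWT v2.2\Ultimate Windows Tweaker.exe"', 1234),
    ProcEvent(3676, "cmd.exe", "cmd.exe /c net user", 1368),
    ProcEvent(3928, "net.exe", "net user", 3676),
    ProcEvent(3804, "net1.exe", r"C:\Windows\system32\net1 user", 3928),
]


def triage() -> list[Finding]:
    return check_registry(SAMPLE_REGISTRY) + check_net_launches(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in triage():
        print(f"[{f.signature}] {f.evidence}")
```

On a live host the snapshot would be filled from the registry (reg query or Get-ItemProperty) and the events from Sysmon Event ID 1 or the sandbox's process tree; the checks themselves do not change. The parent chain is the part worth keeping: a net.exe started from a cmd.exe whose parent is an application on the Desktop reads differently from the same command typed into an interactive shell.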
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 126
Monitored processes: 64
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start winrar.exe winrar.exe ultimate windows tweaker 4.8.exe no specs ultimate windows tweaker 4.8.exe notepad.exe no specs ultimate windows tweaker 4.8.exe no specs ultimate windows tweaker 4.8.exe ultimate windows tweaker 4.8.exe no specs ultimate windows tweaker 4.8.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs ultimate windows tweaker.exe no specs ultimate windows tweaker.exe cmd.exe no specs net.exe no specs net1.exe no specs cmd.exe no specs net.exe no specs net1.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs SPPSurrogate no specs vssvc.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs msedge.exe no specs cmd.exe no specs notepad.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID:
368
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1320,i,10556659830748864886,15191428959325626163,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
692
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=1164 --field-trial-handle=1320,i,10556659830748864886,15191428959325626163,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1020
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3956 --field-trial-handle=1320,i,10556659830748864886,15191428959325626163,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1024
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3984 --field-trial-handle=1320,i,10556659830748864886,15191428959325626163,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1028
CMD:
"C:\Users\admin\Desktop\Ultimate Windows Tweaker 4.8\Ultimate Windows Tweaker 4.8.exe"
Path:
C:\Users\admin\Desktop\Ultimate Windows Tweaker 4.8\Ultimate Windows Tweaker 4.8.exe
Parent process:
explorer.exe
User:
admin
Company:
The Windows Club
Integrity Level:
HIGH
Description:
Ultimate Windows Tweaker 4.8
Exit code:
0
Version:
4.8.0.0
Modules
Images
c:\users\admin\desktop\ultimate windows tweaker 4.8\ultimate windows tweaker 4.8.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
1080
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3980 --field-trial-handle=1320,i,10556659830748864886,15191428959325626163,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1184
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=2132 --field-trial-handle=1320,i,10556659830748864886,15191428959325626163,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1240
CMD:
"C:\Users\admin\Desktop\Ultimate Windows Tweaker 4.8\Ultimate Windows Tweaker 4.8.exe"
Path:
C:\Users\admin\Desktop\Ultimate Windows Tweaker 4.8\Ultimate Windows Tweaker 4.8.exe
Parent process:
explorer.exe
User:
admin
Company:
The Windows Club
Integrity Level:
MEDIUM
Description:
Ultimate Windows Tweaker 4.8
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch needed UAC elevation; compare the HIGH integrity level of PID 1028, the same binary)
Version:
4.8.0.0
Modules
Images
c:\users\admin\desktop\ultimate windows tweaker 4.8\ultimate windows tweaker 4.8.exe
c:\windows\system32\ntdll.dll
PID:
1284
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4152 --field-trial-handle=1320,i,10556659830748864886,15191428959325626163,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1368
CMD:
"C:\Users\admin\Desktop\UWT v2.2\Ultimate Windows Tweaker.exe"
Path:
C:\Users\admin\Desktop\UWT v2.2\Ultimate Windows Tweaker.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
Ultimate Windows Tweaker
Version:
2.2.0.0
Modules
Images
c:\users\admin\desktop\uwt v2.2\ultimate windows tweaker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 24 957
Read events: 23 855
Write events: 396
Delete events: 706

Modification events

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Ultimate Windows Tweaker Pack.rar

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 5
Suspicious files: 268
Text files: 60
Unknown types: 2

Dropped files

PID | Process | Filename | Type

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\Cleaner\ATF-Cleaner.exe | executable
MD5: D9DE89F0FAF18019BC9595F0F47BCA61
SHA256: E900D883001EC60353C2E8E1A54E1C5948A11513FFFAFBD5A28B44C1E319677A

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\10GB Ram.reg | text
MD5: CBBB45ADC94C614A7A396BB4B28197D6
SHA256: 15CECEE26EA3504B8F97B467C442E850DC5B02A4A3C207F2E98FFE008AE54135

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\24GB Ram.reg | text
MD5: B61F3A91476B5471AC43CB3CCB7855A8
SHA256: C2BBE087C8FD2F56B58700C7F8EE19525855EF5BFA4DD9A7DD315E99C38EDFEF

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\For Windows 10\UWT4.zip | compressed
MD5: E668044896AEAF341E15F441F7C2A4FD
SHA256: A3D95804F4BB62D1618DDE448F0F2F2E6073ED660F1F96D88CA41EE368CEFE6A

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\128GB Ram.reg | text
MD5: 2F1317154D7427F2D1D3D2C743C4998F
SHA256: 84A4F2A7D783243354715AFF1987D8A1DE8B71B744D272C685B2B3A721CBFE16

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\16GB Ram.reg | text
MD5: 0B237013DEED49B23D7BC554428C61BD
SHA256: CF8B50BF2584488ADF9A629A3980BA6149A16131B73F1EDF0571B06C7CD35B9B

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\48GB Ram.reg | text
MD5: 5F74951E5CEAE31DEC1BFA65EB737F67
SHA256: 7379D6819A0CCD37E0688FE0B38B237E70F435E6519736B14C77CACEDCE105CA

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\32GB Ram.reg | text
MD5: 29186A04BE817E30958581088F3A7AF8
SHA256: 22549909E0D318C4A5F4A810D02E6E0802E29E278A31935C0B971E9F6A8ADCC8

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\Reset to Default.reg | text
MD5: 5D01EC50C89FD7D1B4D365672343AFC4
SHA256: 4E5170928E923E6FDAA3A8716733DC2792ACFA54DA88C14C80F9E9F99FB44938

3976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.43908\Ultimate Windows Tweaker Pack\RAM Optimization\4GB Ram.reg | text
MD5: 6F509173C763E3A7F2C223B97A236BFD
SHA256: EEA38478E7E353223AD8D63C6C64613955B3801FF48087DAC1941BE8CB2AD8F1
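Eight of the ten dropped files are .reg files under RAM Optimization. Regedit imports such a file after a single confirmation prompt, so the practical check before anyone runs one is to list the keys and values it would write. The Python below is an added example, not code from the report or from the tool's authors: a small .reg parser that handles the syntax regedit exports (quoted strings, dword:, hex: and hex(2): data with line continuations, value deletion with -, key deletion with [-...]) and flags changes under locations that matter for persistence and policy. The sample .reg text is constructed for the example, including the Run-key entry planted in it; the report lists the real files only by name and hash, so nothing here describes their contents.

```python
"""Added example (not from the report): preview what a .reg file would write
before it is imported, and flag changes in persistence- or policy-relevant keys."""
from __future__ import annotations

import re
from dataclasses import dataclass

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# Key fragments that make a change worth a closer look before import.
RISKY_FRAGMENTS = ("\\CurrentVersion\\Run", "\\Policies\\", "\\Winlogon",
                   "\\Image File Execution Options", "\\Services\\")
_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
_HEX_DATA = re.compile(r"hex(?:\((\d+)\))?:(.*)", re.I)


@dataclass
class RegChange:
    key: str
    name: str | None          # None for a whole-key operation
    kind: str                 # "set", "delete_value" or "delete_key"
    value: object = None


def _join_continuations(text: str) -> list[str]:
    """hex data may continue on following lines after a trailing backslash."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def _decode(data: str) -> object:
    if data == "-":
        return None
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = _HEX_DATA.match(data)
    if m:
        raw = bytes.fromhex(m.group(2).replace(",", ""))
        if m.group(1) == "2":  # REG_EXPAND_SZ: UTF-16LE with a NUL terminator
            return raw.decode("utf-16-le").rstrip("\x00")
        return raw
    raise ValueError(f"unsupported value syntax: {data}")


def parse_reg(text: str) -> list[RegChange]:
    lines = _join_continuations(text)
    if not lines or not lines[0].startswith(HEADERS):
        raise ValueError("missing .reg header")
    changes: list[RegChange] = []
    key: str | None = None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):
                changes.append(RegChange(body[1:], None, "delete_key"))
                key = None
                continue
            if body.split("\\", 1)[0] not in HIVES:
                raise ValueError(f"unknown hive in [{body}]")
            key = body
            continue
        if key is None:
            raise ValueError(f"value outside a key section: {line}")
        m = _VALUE_LINE.match(line)
        if not m:
            raise ValueError(f"cannot parse line: {line}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2).strip()
        changes.append(RegChange(key, name, "delete_value" if data == "-" else "set", _decode(data)))
    return changes


def risky_changes(changes: list[RegChange]) -> list[RegChange]:
    return [c for c in changes if any(f.lower() in c.key.lower() for f in RISKY_FRAGMENTS)]


# Constructed sample in the style of a "RAM optimization" tweak. The Run-key
# entry is planted to show what the preview catches; it is not taken from the report.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed example, not the content of any file listed in the report
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"LargeSystemCache"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"Probe"=hex:01,02,\
  03,04

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\admin\\AppData\\Local\\Temp\\updater.exe"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=-
"Banner"=hex(2):48,00,69,00,00,00

[-HKEY_CURRENT_USER\Software\Example\Stale]
"""


if __name__ == "__main__":
    found = parse_reg(SAMPLE_REG)
    flagged = risky_changes(found)
    for c in found:
        mark = "!" if c in flagged else " "
        print(f"{mark} {c.kind:<12} {c.key}\\{c.name or ''} = {c.value!r}")
```

Feed it the text of any dropped .reg file. A header other than the two regedit accepts, an unknown hive, or a value outside a key section raises ValueError rather than being skipped, which is the safer failure for a preview tool; the RISKY_FRAGMENTS list is a starting point and should grow with whatever keys matter in the environment being triaged.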
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 245
DNS requests: 296
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3080 | msedge.exe | GET | 200 | 192.229.221.95:80 | http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | unknown
3080 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3080 | msedge.exe | 172.67.73.191:443 | www.thewindowsclub.com | CLOUDFLARENET | US | unknown
3080 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2796 | msedge.exe | 239.255.255.250:1900 | unknown
3080 | msedge.exe | 172.67.199.186:443 | privacy.gatekeeperconsent.com | CLOUDFLARENET | US | unknown
3080 | msedge.exe | 142.250.185.136:443 | www.googletagmanager.com | GOOGLE | US | unknown
3080 | msedge.exe | 216.58.206.78:443 | www.youtube.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
www.thewindowsclub.com
  • 172.67.73.191
  • 104.26.6.120
  • 104.26.7.120
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
privacy.gatekeeperconsent.com
  • 172.67.199.186
  • 104.21.42.32
unknown
www.googletagmanager.com
  • 142.250.185.136
whitelisted
player.anyclip.com
  • 178.79.242.139
unknown
www.youtube.com
  • 216.58.206.78
  • 142.250.185.110
  • 172.217.18.14
  • 142.250.181.238
  • 142.250.186.78
  • 142.250.185.142
  • 142.250.185.78
  • 142.250.184.206
  • 142.250.185.174
  • 142.250.184.238
  • 142.250.185.206
  • 142.250.185.238
  • 172.217.16.142
  • 216.58.206.46
  • 142.250.186.46
  • 216.58.212.174
whitelisted
go.ezoic.net
  • 108.156.60.15
  • 108.156.60.71
  • 108.156.60.53
  • 108.156.60.42
shared
go.ezodn.com
  • 188.114.97.3
  • 188.114.96.3
unknown
reviews.thewindowsclub.com
  • 104.26.6.120
  • 172.67.73.191
  • 104.26.7.120
unknown

Threats

No threats detected
No debug info