File name:

Trojan;Win32.Krotten.B.exe

Full analysis: https://app.any.run/tasks/e5b52da0-aa8b-4044-9595-9e2c0f4ff79e
Verdict: Malicious activity
Analysis date: June 19, 2024, 22:00:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

87CCD6F4EC0E6B706D65550F90B0E3C7

SHA1:

213E6624BFF6064C016B9CDC15D5365823C01F5F

SHA256:

E79F164CCC75A5D5C032B4C5A96D6AD7604FAFFB28AFE77BC29B9173FA3543E4

SSDEEP:

768:4yKoNLsn4Jp9ZvRInygrpMoZN+WtOl08jxBEHCDwBLpZTPCUvQK:j/sn4/OycxZN+MKxp8t9zQK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Trojan;Win32.Krotten.B.exe (PID: 3332)

    • Disables Windows System Restore

      • Trojan;Win32.Krotten.B.exe (PID: 3332)

    • Changes the autorun value in the registry

      • Trojan;Win32.Krotten.B.exe (PID: 3332)

  • SUSPICIOUS

    • Changes the Home page of Internet Explorer

      • Trojan;Win32.Krotten.B.exe (PID: 3332)

    • Changes the title of the Internet Explorer window

      • Trojan;Win32.Krotten.B.exe (PID: 3332)

    • The process executes via Task Scheduler

      • ctfmon.exe (PID: 1624)
      • sipnotify.exe (PID: 1456)

    • Reads the Internet Settings

      • sipnotify.exe (PID: 1456)

    • Reads settings of System Certificates

      • sipnotify.exe (PID: 1456)

  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 3344)
      • Trojan;Win32.Krotten.B.exe (PID: 3332)
      • IMEKLMG.EXE (PID: 292)
      • IMEKLMG.EXE (PID: 1504)
      • wmpnscfg.exe (PID: 2316)
      • wmpnscfg.exe (PID: 2296)

    • Checks supported languages

      • wmpnscfg.exe (PID: 3344)
      • Trojan;Win32.Krotten.B.exe (PID: 3332)
      • IMEKLMG.EXE (PID: 292)
      • IMEKLMG.EXE (PID: 1504)
      • wmpnscfg.exe (PID: 2296)
      • wmpnscfg.exe (PID: 2316)

    • Reads security settings of Internet Explorer

      • sipnotify.exe (PID: 1456)

    • Manual execution by a user

      • IMEKLMG.EXE (PID: 292)
      • IMEKLMG.EXE (PID: 1504)
      • wmpnscfg.exe (PID: 2296)
      • chrome.exe (PID: 2444)
      • wmpnscfg.exe (PID: 2316)

    • Process checks whether UAC notifications are on

      • IMEKLMG.EXE (PID: 1504)
      • IMEKLMG.EXE (PID: 292)

    • Reads the software policy settings

      • sipnotify.exe (PID: 1456)

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 3856)

    • Application launched itself

      • chrome.exe (PID: 2444)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (35.8)
.exe | Win64 Executable (generic) (31.7)
.scr | Windows screen saver (15)
.dll | Win32 Dynamic Link Library (generic) (7.5)
.exe | Win32 Executable (generic) (5.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2004:04:05 13:17:12+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 5.12
CodeSize: 19456
InitializedDataSize: 101376
UninitializedDataSize: -
EntryPoint: 0x37c7
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
104
Monitored processes
20
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start trojan;win32.krotten.b.exe ctfmon.exe no specs sipnotify.exe imeklmg.exe no specs imeklmg.exe no specs wmpnscfg.exe no specs wmpnscfg.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
292"C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE" /SetPreload /JPN /LogC:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXEexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Office IME 2010
Exit code:
1
Version:
14.0.4734.1000
Modules
Images
c:\program files\common files\microsoft shared\ime14\shared\imeklmg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\userenv.dll
1456C:\Windows\system32\sipnotify.exe -LogonOrUnlockC:\Windows\System32\sipnotify.exe
taskeng.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
sipnotify
Exit code:
0
Version:
6.1.7602.20480 (win7sp1_ldr_escrow.191010-1716)
Modules
Images
c:\windows\system32\sipnotify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1504"C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE" /SetPreload /KOR /LogC:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXEexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Office IME 2010
Exit code:
1
Version:
14.0.4734.1000
Modules
Images
c:\program files\common files\microsoft shared\ime14\shared\imeklmg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\userenv.dll
1624C:\Windows\System32\ctfmon.exe C:\Windows\System32\ctfmon.exetaskeng.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
CTF Loader
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
2296"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2316"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2444"C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2464"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e918b38,0x6e918b48,0x6e918b54C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2604"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1096,i,18261862919355807358,17700216969843858103,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2612"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1344 --field-trial-handle=1096,i,18261862919355807358,17700216969843858103,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
7 065
Read events
6 970
Write events
91
Delete events
4

Modification events

(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation:writeName:DisableTaskMgr
Value:
1
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation:writeName:DisableRegistryTools
Value:
1
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_CURRENT_USER\Control Panel\Desktop
Operation:writeName:WallpaperOriginX
Value:
210
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_CURRENT_USER\Control Panel\Desktop
Operation:writeName:WallpaperOriginY
Value:
187
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:NoViewContextMenu
Value:
1
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Operation:writeName:Start_ShowRun
Value:
0
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN
Operation:writeName:Window title
Value:
:::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN
Operation:writeName:Start Page
Value:
http://poetry.rotten.com/lightning/
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_CURRENT_USER\Control Panel\Desktop
Operation:writeName:MenuShowDelay
Value:
9999
(PID) Process:(3332) Trojan;Win32.Krotten.B.exeKey:HKEY_CURRENT_USER\Control Panel\International
Operation:writeName:sTimeFormat
Value:
ÕÓÉ
Executable files
1
Suspicious files
92
Text files
36
Unknown types
3

Dropped files

PID
Process
Filename
Type
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF77c0.TMP
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
1456sipnotify.exeC:\Users\admin\AppData\Local\microsoft\windows\SipNotify\eoscontent\styles.csstext
MD5:3383EEF350240253D7C2C2564381B3CB
SHA256:85443493D86D6D7FB0E07BC9705DFC9C858086FBA1B0E508092AB328D5F145E8
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
1456sipnotify.exeC:\Users\admin\AppData\Local\microsoft\windows\SipNotify\eoscontent\microsoft-logo.pngimage
MD5:B7C73A0CFBA68CC70C35EF9C63703CE4
SHA256:1D8B27A0266FF526CF95447F3701592A908848467D37C09A00A2516C1F29A013
1456sipnotify.exeC:\Users\admin\AppData\Local\microsoft\windows\SipNotify\eoscontent\metadata.jsonbinary
MD5:E8A970BA6CE386EED9A5E724F26212A6
SHA256:7E06107D585D8FC7870998F3856DCC3E35800AA97E4406AAB83BC8444B6CBDE3
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF77c0.TMPtext
MD5:358570F689377CE6838812643E03734B
SHA256:5B41FCC2E1A843AEAB9437B06E27B798870FF10D86A51B163BF48862BCD32590
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:825B582C78EC88D54C215EFDF1EAD639
SHA256:367995D01A8F13E5C30C79499F86B034775BFD009D83DC97635DE438D47DFA37
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF77c0.TMPtext
MD5:ECD3386BCC950E73B86EB128A5F57622
SHA256:C9A068EAFBC587EDFC89392F64DDD350EEB96C5CF195CDB030BAB8F6DD33833B
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF7a60.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
33
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
304
2.19.126.137:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
1456
sipnotify.exe
HEAD
200
23.197.138.118:80
http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133633116624840000
unknown
unknown
GET
200
2.19.126.146:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
884
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
unknown
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
884
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
unknown
884
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
unknown
884
svchost.exe
GET
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
unknown
884
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
unknown
884
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2564
svchost.exe
239.255.255.250:3702
unknown
1372
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
2.19.126.137:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2.19.126.146:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
unknown
1092
svchost.exe
224.0.0.252:5355
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
ctldl.windowsupdate.com
  • 2.19.126.137
  • 2.19.126.163
whitelisted
crl.microsoft.com
  • 2.19.126.146
  • 2.19.126.133
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
query.prod.cms.rt.microsoft.com
  • 23.197.138.118
whitelisted
clientservices.googleapis.com
  • 142.250.185.99
whitelisted
accounts.google.com
  • 108.177.15.84
shared
www.google.com
  • 142.250.185.68
whitelisted
update.googleapis.com
  • 142.250.184.195
  • 142.250.184.227
unknown
www.googleapis.com
  • 216.58.212.138
  • 172.217.16.202
  • 172.217.16.138
  • 216.58.206.74
  • 142.250.74.202
  • 142.250.185.234
  • 142.250.186.42
  • 142.250.181.234
  • 142.250.185.74
  • 142.250.184.202
  • 142.250.186.106
  • 142.250.185.106
  • 142.250.186.170
  • 142.250.186.138
  • 172.217.18.10
  • 142.250.184.234
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Trojan;Win32.Krotten.B.exe