File name:

IASL.cmd

Full analysis: https://app.any.run/tasks/0e05d252-096c-4c35-94cb-2b9e781f6367
Verdict: Malicious activity
Analysis date: June 14, 2025, 15:32:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
idm
tool
arch-scr
auto
generic
arch-exec
arch-doc
Indicators:
MIME: text/x-msdos-batch
File info: DOS batch file, Unicode text, UTF-8 text, with escape sequences
MD5:

F9D919EB7BE54B65D3D1AB64E3259AC1

SHA1:

7573683B1C4FA0735FBEC66952074C27EA9ADC95

SHA256:

E9404D07F95003F1A3E2A2F3EB37455529C9B3CC2A383FC3194B941DCFB0EAD6

SSDEEP:

192:HPlIGDENw3gLVODRqzXlWpYBZdSiNdLvZC1SzUG6BmtPJnt2vC96veoA6jeBOrCF:HPrQw3gLVO1qopY7dSsZC1X49Iyk8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • IDM1.tmp (PID: 7892)
      • IDMan.exe (PID: 7472)
      • Uninstall.exe (PID: 8152)
      • IDMan.exe (PID: 8112)
    • GENERIC has been found (auto)

      • rundll32.exe (PID: 4648)
      • drvinst.exe (PID: 3620)
    • Starts NET.EXE for service management

      • Uninstall.exe (PID: 8152)
      • net.exe (PID: 416)
  • SUSPICIOUS

    • Uses ICACLS.EXE to modify access control lists

      • cmd.exe (PID: 2032)
      • cmd.exe (PID: 6684)
      • cmd.exe (PID: 6016)
      • cmd.exe (PID: 536)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 2032)
      • wscript.exe (PID: 6896)
      • wscript.exe (PID: 6540)
      • cmd.exe (PID: 536)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 640)
      • cmd.exe (PID: 3768)
      • cmd.exe (PID: 1200)
    • Starts application with an unusual extension

      • cmd.exe (PID: 2032)
      • idman642build41.exe (PID: 7904)
      • cmd.exe (PID: 536)
    • Application launched itself

      • cmd.exe (PID: 2032)
      • cmd.exe (PID: 536)
      • WinRAR.exe (PID: 6700)
    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 6896)
    • The process executes VB scripts

      • cmd.exe (PID: 6684)
      • cmd.exe (PID: 6016)
    • Uses RUNDLL32.EXE to load library

      • Uninstall.exe (PID: 8152)
    • Executable content was dropped or overwritten

      • rundll32.exe (PID: 4648)
      • IDMan.exe (PID: 7472)
      • drvinst.exe (PID: 3620)
      • cmd.exe (PID: 536)
    • Executing commands from a ".bat" file

      • wscript.exe (PID: 6896)
    • Drops a system driver (possible attempt to evade defenses)

      • rundll32.exe (PID: 4648)
      • drvinst.exe (PID: 3620)
    • Executing commands from ".cmd" file

      • wscript.exe (PID: 6540)
    • Hides command output

      • cmd.exe (PID: 4048)
      • cmd.exe (PID: 4832)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 4048)
      • cmd.exe (PID: 4832)
      • cmd.exe (PID: 536)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 536)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 536)
  • INFO

    • Starts MODE.COM to configure console settings

      • mode.com (PID: 4968)
      • mode.com (PID: 3888)
      • mode.com (PID: 6172)
      • mode.com (PID: 7244)
    • Checks supported languages

      • mode.com (PID: 4968)
      • mode.com (PID: 3888)
      • chcp.com (PID: 3028)
      • curl.exe (PID: 4968)
      • idman642build41.exe (PID: 7904)
      • IDM1.tmp (PID: 7892)
    • Reads the computer name

      • curl.exe (PID: 4968)
      • idman642build41.exe (PID: 7904)
    • Create files in a temporary directory

      • curl.exe (PID: 4968)
      • idman642build41.exe (PID: 7904)
    • Execution of CURL command

      • cmd.exe (PID: 2032)
      • cmd.exe (PID: 536)
    • Application launched itself

      • firefox.exe (PID: 536)
      • firefox.exe (PID: 432)
      • firefox.exe (PID: 7900)
      • firefox.exe (PID: 6312)
      • firefox.exe (PID: 5012)
      • msedge.exe (PID: 4768)
    • Manual execution by a user

      • firefox.exe (PID: 432)
      • idman642build41.exe (PID: 7364)
      • idman642build41.exe (PID: 7904)
      • firefox.exe (PID: 7900)
      • firefox.exe (PID: 5012)
      • WinRAR.exe (PID: 3924)
      • cmd.exe (PID: 6016)
      • msedge.exe (PID: 4768)
      • IDMan.exe (PID: 7732)
      • WinRAR.exe (PID: 6700)
    • Launching a file from the Downloads directory

      • firefox.exe (PID: 536)
      • firefox.exe (PID: 6312)
    • The sample compiled with english language support

      • firefox.exe (PID: 536)
      • rundll32.exe (PID: 4648)
      • firefox.exe (PID: 6312)
      • IDMan.exe (PID: 7472)
      • drvinst.exe (PID: 3620)
      • WinRAR.exe (PID: 3924)
      • cmd.exe (PID: 536)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 536)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 536)
      • WinRAR.exe (PID: 3924)
    • Changes the display of characters in the console

      • cmd.exe (PID: 2032)
      • cmd.exe (PID: 536)
    • INTERNETDOWNLOADMANAGER mutex has been found

      • idman642build41.exe (PID: 7904)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
318
Monitored processes
161
Malicious processes
10
Suspicious processes
4

Behavior graph

start cmd.exe no specs conhost.exe no specs mode.com no specs cacls.exe no specs wscript.exe no specs cmd.exe conhost.exe no specs mode.com no specs cacls.exe no specs chcp.com no specs curl.exe cmd.exe no specs findstr.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs rundll32.exe no specs idman642build41.exe no specs idman642build41.exe idm1.tmp no specs slui.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs idmbroker.exe no specs idman.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs uninstall.exe no specs #GENERIC rundll32.exe #GENERIC drvinst.exe drvinst.exe no specs runonce.exe no specs grpconv.exe no specs firefox.exe no specs firefox.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs regsvr32.exe no specs regsvr32.exe no specs mediumilstart.exe no specs idman.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs winrar.exe cmd.exe no specs conhost.exe no specs mode.com no specs cacls.exe no specs wscript.exe no specs cmd.exe conhost.exe no specs mode.com no specs cacls.exe no specs chcp.com no specs ping.exe no specs curl.exe cmd.exe no specs findstr.exe no specs curl.exe cmd.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe 
no specs reg.exe no specs timeout.exe no specs timeout.exe no specs cmd.exe no specs reg.exe no specs timeout.exe no specs taskkill.exe no specs regedit.exe no specs reg.exe no specs reg.exe no specs regedit.exe no specs timeout.exe no specs idman.exe winrar.exe no specs winrar.exe msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs shellexperiencehost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs searchapp.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
416
CMD:
"C:\Windows\System32\net.exe" start IDMWFP
Path:
C:\Windows\SysWOW64\net.exe
Parent process:
Uninstall.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
432
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID:
536
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID:
536
CMD:
"C:\WINDOWS\System32\cmd.exe" /C "C:\Users\admin\DOWNLO~1\IDM-AC~1\IDM-AC~1\IASL.cmd"
Path:
C:\Windows\System32\cmd.exe
Parent process:
wscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
3221225786
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
PID:
640
CMD:
C:\WINDOWS\system32\cmd.exe /c findstr /i "tag_name" "C:\Users\admin\AppData\Local\Temp\latest_release.json"
Path:
C:\Windows\System32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID:
864
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=8084,i,4756552329492556014,9324361560597647220,262144 --variations-seed-version --mojo-platform-channel-handle=8128 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1200
CMD:
C:\WINDOWS\system32\cmd.exe /c findstr /i "<H3>What's new in version" "C:\Users\admin\AppData\Local\Temp\idm_news.html" | findstr /r /c:"Build [0-9]*"
Path:
C:\Windows\System32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID:
1204
CMD:
regedit /s "C:\Users\admin\DOWNLO~1\IDM-AC~1\IDM-AC~1\src\extensions.bin"
Path:
C:\Windows\regedit.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
PID:
1208
CMD:
"C:\Windows\System32\grpconv.exe" -o
Path:
C:\Windows\System32\grpconv.exe
Parent process:
runonce.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1268
CMD:
findstr /i "tag_name" "C:\Users\admin\AppData\Local\Temp\latest_release.json"
Path:
C:\Windows\System32\findstr.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
82 480
Read events
81 319
Write events
977
Delete events
184

Modification events

(PID) Process: (6684) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vbs\OpenWithProgids
Operation: write
Name: VBSFile
Value:
(PID) Process: (6684) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (6684) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (6684) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (6684) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
(PID) Process: (6896) wscript.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\WINDOWS\System32\cmd.exe.FriendlyAppName
Value:
Windows Command Processor
(PID) Process: (6896) wscript.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\WINDOWS\System32\cmd.exe.ApplicationCompany
Value:
Microsoft Corporation
(PID) Process: (536) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process: (7892) IDM1.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation: write
Name: UninstallString
Value:
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
(PID) Process: (7892) IDM1.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation: write
Name: DisplayName
Value:
Internet Download Manager
Executable files
63
Suspicious files
1 413
Text files
427
Unknown types
31

Dropped files

PID
Process
Filename
Type
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
Type: text
MD5: 57979E33510BB12EFCB06B9FC83E939F
SHA256: 0D3E6E5B0BEF63512826FF39DC39D1BA7B1DBAB7763B482D2B5E2BDA5A9743FF
PID: 4968
Process: curl.exe
Filename: C:\Users\admin\AppData\Local\Temp\latest_release.json
Type: binary
MD5: 6991101047722B7E191CB89318D52D77
SHA256: C9B32693A953A9FACD52BCF12047870848F04566ED7CF2896B350B4B57742389
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Type:
MD5:
SHA256:
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
Type: binary
MD5: 3134ED3F12E4F4F8643DB90043B0FD7B
SHA256: 26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp
Type: binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
PID: 6684
Process: cmd.exe
Filename: C:\Users\admin\AppData\Local\Temp\getadmin.vbs
Type: text
MD5: D14A6C18536B08C2D91CC10129CEC2CA
SHA256: 88F0E55BE41422957E8F4FEC8CAF0F9ED4E68D1F0290171BA8F4BD26C19FA17D
PID: 536
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
88
TCP/UDP connections
331
DNS requests
407
Threats
17

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
764
lsass.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPlNxcMEqnlIVyH5VuZ4lawhZX3QQU9oUKOxGG4QR9DqoLLNLuzGR7e64CECoW9cIBGAf3CpJj3Tw5qfI%3D
unknown
whitelisted
536
firefox.exe
POST
200
142.250.186.99:80
http://o.pki.goog/we2
unknown
whitelisted
764
lsass.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
536
firefox.exe
POST
200
142.250.186.99:80
http://o.pki.goog/we2
unknown
whitelisted
536
firefox.exe
POST
200
216.58.206.67:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
536
firefox.exe
POST
200
2.16.168.113:80
http://r11.o.lencr.org/
unknown
whitelisted
536
firefox.exe
POST
200
216.58.206.67:80
http://o.pki.goog/s/wr3/3H4
unknown
whitelisted
536
firefox.exe
POST
200
2.16.168.113:80
http://r11.o.lencr.org/
unknown
whitelisted
536
firefox.exe
POST
200
216.58.206.67:80
http://o.pki.goog/s/wr3/3H4
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6216
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4968
curl.exe
140.82.121.6:443
api.github.com
GITHUB
US
whitelisted
764
lsass.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
whitelisted
4
System
192.168.100.255:138
whitelisted
536
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted
536
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
536
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
google.com
  • 142.250.186.46
  • 142.250.185.238
whitelisted
api.github.com
  • 140.82.121.6
  • 140.82.121.5
whitelisted
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.sectigo.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted
content-signature-chains.prod.autograph.services.mozaws.net
  • 34.160.144.191
  • 2600:1901:0:92a9::
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8052
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
8052
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
8052
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
8052
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
8052
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8052
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8052
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
No debug info