File name:

Anonymous DoSer.exe

Full analysis: https://app.any.run/tasks/725b0aaf-601b-41ba-9b99-c43564287c45
Verdict: Malicious activity
Analysis date: November 11, 2024, 16:41:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

B86E117D120264BF7D165ED578843510

SHA1:

E58EABD02B51B5C2FF150EC45FDECF5430EE43CA

SHA256:

E94454D2825D2BF6A1580988162767D29AB0A73589AEE93FD9183D81FDD6C307

SSDEEP:

24576:D5VYrthSr8+N57IG+NIdpcayA7Z9y9Lswx5Xc61OiS6Q3GWRl5rUmj2yo:D5VYrthSr8+f7IG+NIdpcayA7Z9y9Ls8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Write to the desktop.ini file (may be used to cloak folders)

      • Anonymous DoSer.exe (PID: 1784)

    • Reads security settings of Internet Explorer

      • Anonymous DoSer.exe (PID: 1784)

    • Executable content was dropped or overwritten

      • Anonymous DoSer.exe (PID: 1784)
      • vbc.exe (PID: 6284)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 5832)
      • cmd.exe (PID: 5592)
      • cmd.exe (PID: 5596)
      • cmd.exe (PID: 5604)

    • The process executes VB scripts

      • Anonymous DoSer.exe (PID: 1784)

    • Starts CMD.EXE for commands execution

      • vbc.exe (PID: 6284)

    • Process drops legitimate windows executable

      • vbc.exe (PID: 6284)

    • Connects to unusual port

      • vbc.exe (PID: 6284)

    • Process uses IPCONFIG to get network configuration information

      • cmd.exe (PID: 6852)

  • INFO

    • Checks supported languages

      • Anonymous DoSer.exe (PID: 1784)
      • 622648417.exe (PID: 6028)
      • vbc.exe (PID: 6284)

    • Creates files or folders in the user directory

      • Anonymous DoSer.exe (PID: 1784)
      • vbc.exe (PID: 6284)

    • Reads the machine GUID from the registry

      • Anonymous DoSer.exe (PID: 1784)
      • 622648417.exe (PID: 6028)

    • Create files in a temporary directory

      • Anonymous DoSer.exe (PID: 1784)

    • Reads the computer name

      • Anonymous DoSer.exe (PID: 1784)
      • vbc.exe (PID: 6284)

    • Process checks computer location settings

      • Anonymous DoSer.exe (PID: 1784)

    • The process uses the downloaded file

      • Anonymous DoSer.exe (PID: 1784)

    • Manual execution by a user

      • firefox.exe (PID: 8180)
      • cmd.exe (PID: 6852)
      • firefox.exe (PID: 7212)

    • Application launched itself

      • firefox.exe (PID: 8180)
      • firefox.exe (PID: 6416)
      • firefox.exe (PID: 1440)
      • firefox.exe (PID: 7212)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (82.9)
.dll | Win32 Dynamic Link Library (generic) (7.4)
.exe | Win32 Executable (generic) (5.1)
.exe | Generic Win/DOS Executable (2.2)
.exe | DOS Executable Generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:08:29 12:30:22+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 609792
InitializedDataSize: 5120
UninitializedDataSize: -
EntryPoint: 0x96c5e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
188
Monitored processes
42
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start anonymous doser.exe 622648417.exe conhost.exe no specs vbc.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs dw20.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs cmd.exe no specs conhost.exe no specs ipconfig.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1440REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /t REG_SZ /d "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger" /fC:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1440"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1744"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 5336 -prefMapHandle 5264 -prefsLen 36339 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d358b283-2628-416e-91f9-a264723dd026} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 21c74975510 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1752"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5248 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 5176 -prefMapHandle 3368 -prefsLen 35227 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9b3e0ad-f2f9-4547-a8be-2533a020987a} 6416 "\\.\pipe\gecko-crash-server-pipe.6416" 1a43986d510 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1784"C:\Users\admin\AppData\Local\Temp\Anonymous DoSer.exe" C:\Users\admin\AppData\Local\Temp\Anonymous DoSer.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\anonymous doser.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
2068"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 31121 -prefMapSize 244343 -jsInitHandle 1476 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96df1c27-f236-4b7c-bfc9-781a0340cdf4} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 21c72058150 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2196"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -childID 3 -isForBrowser -prefsHandle 5540 -prefMapHandle 5536 -prefsLen 31108 -prefMapSize 244343 -jsInitHandle 1476 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40da8cdf-885d-4914-a68e-9c1a067949c9} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 21c74fcd4d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
3524"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4592 -childID 2 -isForBrowser -prefsHandle 4588 -prefMapHandle 4584 -prefsLen 36339 -prefMapSize 244343 -jsInitHandle 1476 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da015e8c-b312-4a6c-807b-86809ff36d2e} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 21c6ff22a10 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
4016"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 3 -isForBrowser -prefsHandle 5744 -prefMapHandle 5740 -prefsLen 31702 -prefMapSize 244343 -jsInitHandle 1412 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2832fa3d-6ae4-4ee9-a9ef-b7fe17462c39} 6416 "\\.\pipe\gecko-crash-server-pipe.6416" 1a43c4e7f50 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
4348"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6528 -childID 6 -isForBrowser -prefsHandle 6560 -prefMapHandle 6492 -prefsLen 31242 -prefMapSize 244343 -jsInitHandle 1476 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d776a47-bf5b-4100-b966-3713df424953} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 21c74fd7850 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
27 540
Read events
27 534
Write events
6
Delete events
0

Modification events

(PID) Process:(6284) vbc.exeKey:HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\SrvID\ID
Operation:writeName:XTPTR4URAU
Value:
spritesa'DDos
(PID) Process:(6284) vbc.exeKey:HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\INSTALL\DATE
Operation:writeName:XTPTR4URAU
Value:
November 11, 2024
(PID) Process:(4956) dw20.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation:writeName:ClockTimeSeconds
Value:
F433326700000000
(PID) Process:(4956) dw20.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation:writeName:TickCount
Value:
2E9D090000000000
(PID) Process:(1440) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(6416) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
Executable files
2
Suspicious files
240
Text files
39
Unknown types
5

Dropped files

PID
Process
Filename
Type
4956dw20.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_622648417.exe_a8b4a1b98488751ea776fb789d5e57bdbd488aa_00000000_772d9db3-7fb8-4884-a6fe-cad6252a77f8\Report.wer
MD5:
SHA256:
1440firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
1784Anonymous DoSer.exeC:\Users\admin\AppData\Local\VirtualStore\Windows\assembly\Desktop.inibinary
MD5:F7F759A5CD40BC52172E83486B6DE404
SHA256:A709C2551B8818D7849D31A65446DC2F8C4CCA2DCBBC5385604286F49CFDAF1C
6284vbc.exeC:\Users\admin\AppData\Roaming\spritesatext
MD5:DDB1E8E04D1D20E9BD2260F319D0E11F
SHA256:487F06850C0D06B38570F4C7DE9A4AE6C2728E429A3BAD4AA5A27BC0E9157AC9
4956dw20.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FEder
MD5:F0CF5B1794ECA7CD73F9C020DAAB8EF2
SHA256:2AF00EDCE7EF3266897E52DC81E8DE3B7A079028C0F1F96EAFF9E38AD342F617
1440firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:C09FF302D57C404B61E6A89B0B9F36E7
SHA256:6A5B4F82595799346D0E501FE6CC8629E0FD6ED27B74D0E6CB5073DDB2E3C40B
4956dw20.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER9B89.tmp.xmlxml
MD5:D3BBAB7DF1A1F585BDB22E1FB318E8B3
SHA256:A2732D8823F9FC8594B3B34BE5A98BA22126BABBF4D6837C0465B9A3A75CD876
1784Anonymous DoSer.exeC:\Users\admin\AppData\Local\Temp\622648417.exeexecutable
MD5:270F2F56AF0DE91CC5F0B83ED241851B
SHA256:1A9E73E0E877EDD16882DCC866467E7EE817EFAD6EF68A7DE82C2C12B2E566FE
6284vbc.exeC:\Users\admin\AppData\Roaming\DDos.exeexecutable
MD5:D881DE17AA8F2E2C08CBB7B265F928F9
SHA256:B3A37093609F9A20AD60B85A9FA9DE2BA674CBA9B5BD687729440C70BA619CA0
1440firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
52
TCP/UDP connections
401
DNS requests
204
Threats
24

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6944
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1440
firefox.exe
POST
200
142.250.186.67:80
http://o.pki.goog/s/wr3/yvU
unknown
whitelisted
1440
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
1440
firefox.exe
POST
200
23.53.40.154:80
http://r11.o.lencr.org/
unknown
whitelisted
1440
firefox.exe
POST
200
23.53.40.161:80
http://r10.o.lencr.org/
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
2776
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2776
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1552
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1084
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
864
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5488
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6944
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6944
svchost.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5488
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4360
SearchApp.exe
104.126.37.155:443
www.bing.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.250.186.78
whitelisted
pritesrt.no-ip.org
malicious
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.155
  • 104.126.37.162
  • 104.126.37.145
  • 104.126.37.152
  • 104.126.37.147
  • 104.126.37.171
  • 104.126.37.139
  • 104.126.37.170
  • 104.126.37.179
  • 104.126.37.185
  • 104.126.37.131
  • 104.126.37.144
  • 104.126.37.130
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.64
  • 20.190.159.73
  • 20.190.159.4
  • 40.126.31.69
  • 40.126.31.71
  • 20.190.159.2
  • 20.190.159.68
whitelisted
th.bing.com
  • 104.126.37.162
  • 104.126.37.185
  • 104.126.37.179
  • 104.126.37.170
  • 104.126.37.139
  • 104.126.37.137
  • 104.126.37.171
  • 104.126.37.155
  • 104.126.37.130
  • 104.126.37.163
  • 104.126.37.153
  • 104.126.37.154
whitelisted
go.microsoft.com
  • 23.218.210.69
whitelisted

Threats

PID
Process
Class
Message
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
2172
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Anonymous DoSer.exe