File name:

zipmate.exe

Full analysis: https://app.any.run/tasks/e2816a16-b54f-40dd-a133-1b3b1931ef6e
Verdict: Malicious activity
Analysis date: July 16, 2024, 11:14:21
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5:

6EECCD2AF7CCE1677DC9FB87ACD870A5

SHA1:

3436CFAE619B3A0D58F6F8A30F82A7A7953B57F7

SHA256:

F05296B7881F233187CA9C9EBCADD718B5E88727E2743873DFBEDEA001B19772

SSDEEP:

98304:XVgljHUxi15+OYHZKtViqMDIhZlqcxuA4:Xv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • zipmate.exe (PID: 452)

  • SUSPICIOUS

    • Searches for installed software

      • zipmate.exe (PID: 452)

    • Creates a software uninstall entry

      • zipmate.exe (PID: 452)

    • Reads security settings of Internet Explorer

      • zipmate.exe (PID: 452)

    • Reads the date of Windows installation

      • zipmate.exe (PID: 452)

  • INFO

    • Reads the machine GUID from the registry

      • zipmate.exe (PID: 452)

    • Reads Microsoft Office registry keys

      • zipmate.exe (PID: 452)
      • firefox.exe (PID: 7928)
      • msedge.exe (PID: 6856)
      • msedge.exe (PID: 7988)
      • firefox.exe (PID: 7120)

    • Application launched itself

      • firefox.exe (PID: 7120)
      • firefox.exe (PID: 7912)
      • firefox.exe (PID: 7928)
      • msedge.exe (PID: 7988)
      • msedge.exe (PID: 6856)
      • firefox.exe (PID: 7064)

    • Reads the computer name

      • zipmate.exe (PID: 452)
      • identity_helper.exe (PID: 2832)
      • identity_helper.exe (PID: 240)

    • Checks supported languages

      • zipmate.exe (PID: 452)
      • identity_helper.exe (PID: 2832)
      • identity_helper.exe (PID: 240)

    • Disables trace logs

      • zipmate.exe (PID: 452)

    • Checks proxy server information

      • zipmate.exe (PID: 452)

    • Reads the software policy settings

      • zipmate.exe (PID: 452)
      • slui.exe (PID: 6904)

    • Reads Environment values

      • zipmate.exe (PID: 452)

    • Create files in a temporary directory

      • zipmate.exe (PID: 452)

    • Manual execution by a user

      • msedge.exe (PID: 6856)

    • Creates files or folders in the user directory

      • zipmate.exe (PID: 452)

    • Process checks computer location settings

      • zipmate.exe (PID: 452)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2071:01:15 18:27:59+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 48
CodeSize: 4371968
InitializedDataSize: 17408
UninitializedDataSize: -
EntryPoint: 0x0000
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.30.2.25
ProductVersionNumber: 3.30.2.25
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: Zipmate
FileVersion: 3.30.2.25
InternalName: Zipmate.exe
LegalCopyright: © 2024 Or Kahol Ltd. All rights reserved.
LegalTrademarks: -
OriginalFileName: Zipmate.exe
ProductName: Zipmate
ProductVersion: 3.30.2.25
AssemblyVersion: 3.30.2.25
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
211
Monitored processes
69
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start zipmate.exe sppextcomobj.exe no specs slui.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
240"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3436 --field-trial-handle=2112,i,1913458532922982631,1242269003676165451,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\sechost.dll
368"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7ffd9d905fd8,0x7ffd9d905fe4,0x7ffd9d905ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
452"C:\Users\admin\AppData\Local\Temp\zipmate.exe" C:\Users\admin\AppData\Local\Temp\zipmate.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Zipmate
Exit code:
0
Version:
3.30.2.25
Modules
Images
c:\users\admin\appdata\local\temp\zipmate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1384"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6276 --field-trial-handle=2200,i,5768089008622142685,2511529780473385245,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1388"C:\Program Files\mozilla Firefox\Firefox.exe" -contentproc --channel=5200 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 2644 -prefMapHandle 5156 -prefsLen 35306 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\mozilla Firefox\browser" - {a8c5dd4c-f38b-42c7-af99-a0b595ad2a29} 7928 "\\.\pipe\gecko-crash-server-pipe.7928" 23d218e0510 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
2044"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6092 --field-trial-handle=2200,i,5768089008622142685,2511529780473385245,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2648"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6232 --field-trial-handle=2200,i,5768089008622142685,2511529780473385245,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2832"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5356 --field-trial-handle=2200,i,5768089008622142685,2511529780473385245,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2888"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1432 --field-trial-handle=2200,i,5768089008622142685,2511529780473385245,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2972"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4640 --field-trial-handle=2112,i,1913458532922982631,1242269003676165451,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
48 072
Read events
47 792
Write events
272
Delete events
8

Modification events

(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(452) zipmate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\zipmate_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
4
Suspicious files
469
Text files
133
Unknown types
15

Dropped files

PID
Process
Filename
Type
7120firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
452zipmate.exeC:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XMLtext
MD5:5433EAB10C6B5C6D55B7CBD302426A39
SHA256:23DBF7014E99E93AF5F2760F18EE1370274F06A453145C8D539B66D798DAD131
7120firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
7120firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
7120firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.jstext
MD5:B8F66D509DFC9C50147CA4714695EBDD
SHA256:D8F2010B68AF5D5D2CF59470D892564ABAC376B2DDE4DA4BBBB5D95E081AD058
7120firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
452zipmate.exeC:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.baktext
MD5:7050D5AE8ACFBE560FA11073FEF8185D
SHA256:CB87767C4A384C24E4A0F88455F59101B1AE7B4FB8DE8A5ADB4136C5F7EE545B
7120firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
452zipmate.exeC:\Users\admin\AppData\Local\Temp\Mate.Assets.ZipAnima.mp43g2
MD5:1C1EA327AC5318F622523DC8668C1F0E
SHA256:4AC24F78FFE5CF18D675E99B774EC2B51B8F47E9A87195B6F7DF7AA6207B3F00
7120firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
60
TCP/UDP connections
210
DNS requests
245
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3996
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5680
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5680
svchost.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7120
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
7120
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
7120
firefox.exe
POST
200
23.53.40.154:80
http://r3.o.lencr.org/
unknown
unknown
7120
firefox.exe
POST
200
23.53.40.154:80
http://r10.o.lencr.org/
unknown
unknown
7120
firefox.exe
POST
200
23.53.40.154:80
http://r10.o.lencr.org/
unknown
unknown
7120
firefox.exe
POST
200
23.53.40.154:80
http://r10.o.lencr.org/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5680
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2052
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2204
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4656
SearchApp.exe
2.23.209.191:443
www.bing.com
Akamai International B.V.
GB
unknown
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
452
zipmate.exe
5.161.45.157:443
vey.cliemate.com
Hetzner Online GmbH
US
unknown
3996
svchost.exe
20.190.159.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
www.bing.com
  • 2.23.209.191
  • 2.23.209.176
  • 2.23.209.186
  • 2.23.209.187
  • 2.23.209.183
  • 2.23.209.185
  • 2.23.209.188
  • 2.23.209.189
  • 2.23.209.180
  • 104.126.37.155
  • 104.126.37.154
  • 104.126.37.152
  • 104.126.37.162
  • 104.126.37.146
  • 104.126.37.161
  • 104.126.37.147
  • 104.126.37.160
  • 104.126.37.163
  • 104.126.37.129
  • 104.126.37.171
  • 104.126.37.178
  • 104.126.37.130
  • 104.126.37.123
  • 104.126.37.176
  • 104.126.37.186
  • 104.126.37.128
  • 104.126.37.185
whitelisted
google.com
  • 172.217.16.206
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
vey.cliemate.com
  • 5.161.45.157
unknown
login.live.com
  • 20.190.159.71
  • 40.126.31.71
  • 40.126.31.73
  • 20.190.159.23
  • 20.190.159.68
  • 40.126.31.69
  • 20.190.159.75
  • 20.190.159.64
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.43
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.72
whitelisted

Threats

PID
Process
Class
Message
7928
firefox.exe
Not Suspicious Traffic
INFO [ANY.RUN] Global content delivery network (unpkg .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
zipmate.exe