analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.mediafire.com/file/nsn7i0ftf7dvfk2/JakeAdventures.rar/file

Full analysis: https://app.any.run/tasks/ad8d3c4b-aeb3-4ee8-9049-fdad4cb9d4a2
Verdict: Malicious activity
Analysis date: January 15, 2022, 03:52:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

D424DDA457F0A3EF13E765013AE98657

SHA1:

479F44168856F83C4CE9FB3A51A08CE201F55C78

SHA256:

FB6A024B9E64B1E9407AD32A7AC75400F2A0549E87888C365E9E0F86CD5ABDD1

SSDEEP:

3:N8DSLw3eGUoPaDmOknAILXlDIA:2OLw3eGuDmOCaA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2892)
    • Checks supported languages

      • WinRAR.exe (PID: 3160)
    • Reads the computer name

      • WinRAR.exe (PID: 3160)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2164)
    • Reads default file associations for system extensions

      • chrome.exe (PID: 3456)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3496)
      • iexplore.exe (PID: 2892)
      • chrome.exe (PID: 2164)
      • chrome.exe (PID: 1864)
      • chrome.exe (PID: 3212)
      • chrome.exe (PID: 676)
      • chrome.exe (PID: 1552)
      • chrome.exe (PID: 3456)
      • chrome.exe (PID: 3440)
      • chrome.exe (PID: 2956)
      • chrome.exe (PID: 3652)
      • chrome.exe (PID: 1728)
    • Checks supported languages

      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 3496)
      • chrome.exe (PID: 1864)
      • chrome.exe (PID: 2164)
      • chrome.exe (PID: 3212)
      • chrome.exe (PID: 3076)
      • chrome.exe (PID: 776)
      • chrome.exe (PID: 2292)
      • chrome.exe (PID: 1168)
      • chrome.exe (PID: 676)
      • chrome.exe (PID: 3436)
      • chrome.exe (PID: 3220)
      • chrome.exe (PID: 1876)
      • chrome.exe (PID: 3272)
      • chrome.exe (PID: 2336)
      • chrome.exe (PID: 836)
      • chrome.exe (PID: 2836)
      • chrome.exe (PID: 3896)
      • chrome.exe (PID: 1864)
      • chrome.exe (PID: 1552)
      • chrome.exe (PID: 3456)
      • chrome.exe (PID: 828)
      • chrome.exe (PID: 3932)
      • chrome.exe (PID: 3272)
      • chrome.exe (PID: 3440)
      • chrome.exe (PID: 3188)
      • chrome.exe (PID: 2912)
      • chrome.exe (PID: 3652)
      • chrome.exe (PID: 1728)
      • chrome.exe (PID: 2956)
    • Changes internet zones settings

      • iexplore.exe (PID: 3496)
    • Application launched itself

      • iexplore.exe (PID: 3496)
      • chrome.exe (PID: 2164)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 3496)
      • chrome.exe (PID: 3212)
    • Creates files in the user directory

      • iexplore.exe (PID: 2892)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 3496)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2892)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 3496)
      • chrome.exe (PID: 3652)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3496)
    • Manual execution by user

      • chrome.exe (PID: 2164)
    • Reads the hosts file

      • chrome.exe (PID: 2164)
      • chrome.exe (PID: 3212)
    • Dropped object may contain Bitcoin addresses

      • chrome.exe (PID: 2164)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
70
Monitored processes
31
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe winrar.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3496"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.mediafire.com/file/nsn7i0ftf7dvfk2/JakeAdventures.rar/file"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2892"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3496 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3160"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\JakeAdventures.rar"C:\Program Files\WinRAR\WinRAR.exeiexplore.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\usp10.dll
2164"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
3076"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x719dd988,0x719dd998,0x719dd9a4C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1864"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1040 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
3212"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1344 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2292"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
776"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1168"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events
30 939
Read events
30 529
Write events
406
Delete events
4

Modification events

(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30935491
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30935491
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3496) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
210
Text files
168
Unknown types
44

Dropped files

PID
Process
Filename
Type
2892iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QEIM51FK.txttext
MD5:E0B2FBB0B0125CAFC3477913E61C3E5A
SHA256:FAD03CF3A964DCE56C901A66D91B4DB75DFEBD8600C56F173C2FB8EB3DF9261B
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:E4050A24275E5C5B93C68F06CF1513DF
SHA256:D13933BF7634B09544BE113FD41984A6AB146549D7BF7787D727C72F351D2DEB
2892iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UL24ZYN.txttext
MD5:9B370EC1F6282B15EEED1F961585884F
SHA256:2835439803F0D7D39588F9116FB87A9F0C015AB6455939CA9F130AC12A2307CA
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894der
MD5:1BA78C901BF35F9710BE47AE2A6B3D25
SHA256:7E96651546AE845FCFEB2A1B3149E6B9EDB3198CFB4E6A8155C60951C1874585
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:BEAB9DA0AA8E569DD7B0DEDBA4676D02
SHA256:7C5EE0FF5ECD229BA442C639096CFB79D50D7FC6841A8E99693393A920A70C33
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Eder
MD5:6DC758DAFCA329C85C8BBC01CC0AD57B
SHA256:A3D5AFDA772958B0AE1A2F3CC1F2657836A732C54266EF7EB9DF5844E4A19973
2892iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\file[1].htmhtml
MD5:EE4EFE050C205BE212181AA1CB68621C
SHA256:1B817FE3FA558FB0D3AA98C309106FCB14398FC4813D8AFC939FCE97F8565578
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833Bbinary
MD5:34B824D34F83A0906CE4D3B23BA60EBB
SHA256:8F6A396F3A60BA076ACA9E11C7371DE56A8CD5C481EB622D36CB7550CB40B8DB
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:BC8E582AE1BF6FC79DDEA6BCE08F066D
SHA256:CD9A8EC2E3CFBA41C1B7F0189FD252188F1225B1490A5540D7DA80F60F6309DB
2892iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\infinity.js[1].jstext
MD5:0A46AD7CE508AAF0E0D455E8C50DE308
SHA256:C0EC5FBBEBFB6861E2462F1D3A2381FF28F48EED9E6E30D312C6A6D2E4A2E97B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
35
TCP/UDP connections
85
DNS requests
44
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2892
iexplore.exe
GET
200
104.18.31.182:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D
US
der
727 b
whitelisted
3496
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
2892
iexplore.exe
GET
200
18.66.92.207:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
der
1.70 Kb
whitelisted
2892
iexplore.exe
GET
200
104.18.31.182:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
US
der
727 b
whitelisted
2892
iexplore.exe
GET
200
52.222.250.42:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
2892
iexplore.exe
GET
200
104.18.30.182:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEFr3KD%2BSUISekGKz6JjTwGw%3D
US
der
471 b
whitelisted
2892
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2892
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D
US
der
471 b
whitelisted
2892
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
2892
iexplore.exe
GET
200
104.18.31.182:80
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQDsCXYdUL4EYo7T3qwnuV1j
US
der
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2892
iexplore.exe
172.67.70.134:443
btloader.com
US
suspicious
2892
iexplore.exe
104.16.95.65:443
static.cloudflareinsights.com
Cloudflare Inc
US
shared
2892
iexplore.exe
2.16.186.56:80
ctldl.windowsupdate.com
Akamai International B.V.
whitelisted
2892
iexplore.exe
52.222.206.118:443
cdn.amplitude.com
Amazon.com, Inc.
US
suspicious
2892
iexplore.exe
142.250.186.110:443
translate.google.com
Google Inc.
US
whitelisted
2892
iexplore.exe
104.18.31.182:80
ocsp.comodoca.com
Cloudflare Inc
US
unknown
2892
iexplore.exe
142.250.185.232:443
www.googletagmanager.com
Google Inc.
US
suspicious
2892
iexplore.exe
104.16.203.237:443
www.mediafire.com
Cloudflare Inc
US
unknown
2892
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2892
iexplore.exe
142.250.185.195:80
ocsp.pki.goog
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.mediafire.com
  • 104.16.203.237
  • 104.16.202.237
shared
ctldl.windowsupdate.com
  • 2.16.186.56
  • 2.16.186.81
whitelisted
ocsp.comodoca.com
  • 104.18.31.182
  • 104.18.30.182
whitelisted
ocsp.usertrust.com
  • 104.18.31.182
  • 104.18.30.182
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.googletagmanager.com
  • 142.250.185.232
whitelisted
btloader.com
  • 172.67.70.134
  • 104.26.7.139
  • 104.26.6.139
whitelisted
translate.google.com
  • 142.250.186.110
whitelisted
fundingchoicesmessages.google.com
  • 142.250.186.110
whitelisted

Threats

No threats detected
No debug info