analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.7z

Full analysis: https://app.any.run/tasks/3739197c-0c3c-42fc-88c5-bd046d3993e7
Verdict: Malicious activity
Analysis date: July 04, 2024, 15:20:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
screen
dyndns
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

418767DF792C8DF04D2A693B37C77C94

SHA1:

A034F987F8042FF01FAF92AAE38842EC5200E121

SHA256:

FC6FC38D83635663EF57ACB9CBDC7F3E4DBEE67858988B69E33D71F6A79CD291

SSDEEP:

12288:D/7YYGQ9a1wjNSIs1om98S9MeFxf07NICLcW9gu+HzllIrdw7AXmN3o1TMZ:b7YYGQ9ayjNDsOm9r9MeFxf07N1cW9gz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • WinRAR.exe (PID: 3416)

    • Changes the autorun value in the registry

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)

    • Connects to the CnC server

      • Synaptics.exe (PID: 1980)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • Synaptics.exe (PID: 1980)

    • Executable content was dropped or overwritten

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)

    • Reads the Internet Settings

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • Synaptics.exe (PID: 1980)

    • Reads the date of Windows installation

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)

    • There is functionality for taking screenshot (YARA)

      • Synaptics.exe (PID: 1980)

    • Contacting a server suspected of hosting an CnC

      • Synaptics.exe (PID: 1980)

    • There is functionality for communication dyndns network (YARA)

      • Synaptics.exe (PID: 1980)

    • Reads settings of System Certificates

      • Synaptics.exe (PID: 1980)

    • Checks Windows Trust Settings

      • Synaptics.exe (PID: 1980)

  • INFO

    • Checks supported languages

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • ._cache_cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 2752)
      • Synaptics.exe (PID: 1980)

    • Reads the computer name

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • Synaptics.exe (PID: 1980)

    • Manual execution by a user

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • chrome.exe (PID: 3132)

    • Creates files in the program directory

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • Synaptics.exe (PID: 1980)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3416)

    • Checks proxy server information

      • Synaptics.exe (PID: 1980)

    • Reads the machine GUID from the registry

      • cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe (PID: 3212)
      • Synaptics.exe (PID: 1980)

    • Creates files or folders in the user directory

      • Synaptics.exe (PID: 1980)

    • Create files in a temporary directory

      • Synaptics.exe (PID: 1980)

    • Reads the software policy settings

      • Synaptics.exe (PID: 1980)

    • Application launched itself

      • chrome.exe (PID: 3132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

Composite

Duration: 0:01:10 (approx)

MPEG

Emphasis: CCIT J.17
OriginalMedia:
CopyrightFlag: -
IntensityStereo: Off
MSStereo: Off
ChannelMode: Joint Stereo
SampleRate: 24000
AudioBitrate: 48 kbps
AudioLayer: 3
MPEGAudioVersion: 2
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
68
Monitored processes
25
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe ._cache_cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe no specs THREAT synaptics.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3416"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.7zC:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3212"C:\Users\admin\Desktop\cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe" C:\Users\admin\Desktop\cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2752"C:\Users\admin\Desktop\._cache_cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe" C:\Users\admin\Desktop\._cache_cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.execf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe
User:
admin
Integrity Level:
MEDIUM
Description:
作者:牛哥,QQ:910313965
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\desktop\._cache_cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
1980"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateC:\ProgramData\Synaptics\Synaptics.exe
cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\programdata\synaptics\synaptics.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3132"C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
936"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6aaa8b38,0x6aaa8b48,0x6aaa8b54C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1428"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1128,i,2494035922413245836,610974833084478508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2512"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1284 --field-trial-handle=1128,i,2494035922413245836,610974833084478508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
3992"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1572 --field-trial-handle=1128,i,2494035922413245836,610974833084478508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2836"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1128,i,2494035922413245836,610974833084478508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
22 377
Read events
22 090
Write events
278
Delete events
9

Modification events

(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3416) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.7z
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
7
Suspicious files
169
Text files
35
Unknown types
2

Dropped files

PID
Process
Filename
Type
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF580ff.TMP
MD5:
SHA256:
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldtext
MD5:FA25AF7098FC1571F24F200A9D105D58
SHA256:4F40C87070B7A151FB241CCF36E7027AA703C15CA0ACB0A1759DA07B2C318574
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF58312.TMPtext
MD5:E53573A93829681410D5E7DBB1B61C78
SHA256:A82D28F2C1E22A2AE0ABC5F5AF0CC8EE7AD913BAB3A0BF84CE6D8D23F67E06A3
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old~RF58350.TMPtext
MD5:4E2B7997F4C3647F8D1ADA88339BBBA5
SHA256:C33226C460208AA10537A23CB5128FD887DCBAA335C7DC8BFFBE08A607CCFDF5
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:9F941EA08DBDCA2EB3CFA1DBBBA6F5DC
SHA256:127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF5813d.TMPtext
MD5:ECD3386BCC950E73B86EB128A5F57622
SHA256:C9A068EAFBC587EDFC89392F64DDD350EEB96C5CF195CDB030BAB8F6DD33833B
3212cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.exeC:\ProgramData\Synaptics\Synaptics.exeexecutable
MD5:84BC432D6136C6593F18D7D73F2CCB3B
SHA256:CF0D5C1EB4A7B99F347F02F09977F049FCB9C690F8686A42995E1007B831D566
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF582b4.TMPtext
MD5:AD0DB8476493577A67FA94A162B646C4
SHA256:304FB5B4FD83D4A9FF1EF4CF20232A1783169C148297BFE37ED24A1D22A74F2B
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:456D3EF989973A7C218E338A6CFFAD25
SHA256:75631D994431F254B94255C50038A3657BFC45D76FCE9D794D514E57CA678872
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
67
DNS requests
73
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
1060
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?67a3611ec3c0260d
unknown
unknown
2512
chrome.exe
GET
302
216.239.32.21:80
http://virustotal.com/
unknown
unknown
1980
Synaptics.exe
GET
200
142.250.185.99:80
http://c.pki.goog/r/r1.crl
unknown
unknown
1980
Synaptics.exe
GET
142.250.185.99:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
unknown
2512
chrome.exe
GET
204
142.250.185.227:80
http://www.gstatic.com/generate_204
unknown
unknown
2512
chrome.exe
GET
216.239.32.21:80
http://virustotal.com/
unknown
unknown
1980
Synaptics.exe
GET
200
142.250.185.99:80
http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCRq%2FXldMamzQqGAD6YrjKf
unknown
unknown
1980
Synaptics.exe
GET
200
69.42.215.252:80
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
unknown
unknown
844
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
1372
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1372
svchost.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1372
svchost.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
104.119.109.218:80
www.microsoft.com
AKAMAI-AS
DE
unknown
1980
Synaptics.exe
69.42.215.252:80
freedns.afraid.org
AWKNET
US
unknown

DNS requests

Domain
IP
Reputation
dns.msftncsi.com
  • 131.107.255.255
shared
xred.mooo.com
unknown
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 104.119.109.218
whitelisted
freedns.afraid.org
  • 69.42.215.252
whitelisted
clientservices.googleapis.com
  • 142.250.185.227
whitelisted
accounts.google.com
  • 142.250.145.84
shared
www.google.com
  • 216.58.206.68
  • 216.58.206.36
whitelisted

Threats

PID
Process
Class
Message
1060
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com
3 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
cf0d5c1eb4a7b99f347f02f09977f049fcb9c690f8686a42995e1007b831d566.7z