download:

/ja/download/winthruster/

Full analysis: https://app.any.run/tasks/7f7513a8-5563-4759-b845-4d075e7b3b3c
Verdict: Malicious activity
Analysis date: October 19, 2023, 03:07:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5: C9EE4423B1AF55E7DE39F4C87B0F1A7A
SHA1: AB0584836259B3573AAB9B851A8E108718BCD572
SHA256: FE16334035EA23FF9609F21ACE0E7A54991C89CC07E4683EEC074504C6CBCB85
SSDEEP: 192:GXVk3V6q4L3z255gTGrQpglGA2f7+JVZImAlsxmhKLdkhbs1SUNGCiX1t5LgCxy0:GX23glog7iffPIg5SUNGCilLCT40Tc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup_WinThruster_2024.exe (PID: 1176)
      • Setup_WinThruster_2024.exe (PID: 1620)
      • WinThruster.exe (PID: 664)
      • WTNotifications.exe (PID: 2428)
    • Drops the executable file immediately after the start

      • Setup_WinThruster_2024.exe (PID: 1620)
      • Setup_WinThruster_2024.exe (PID: 1176)
      • Setup_WinThruster_2024.tmp (PID: 3900)
    • Actions look like stealing of personal data

      • WTNotifications.exe (PID: 2428)
      • WinThruster.exe (PID: 664)
    • Steals credentials from Web Browsers

      • WTNotifications.exe (PID: 2428)
      • WinThruster.exe (PID: 664)
    • Loads dropped or rewritten executable

      • WinThruster.exe (PID: 664)
      • WTNotifications.exe (PID: 2428)
    • Uses Task Scheduler to autorun other applications

      • WinThruster.exe (PID: 664)
  • SUSPICIOUS

    • Uses pipe srvsvc via SMB (transferring data)

      • iexplore.exe (PID: 2512)
    • Process drops SQLite DLL files

      • Setup_WinThruster_2024.tmp (PID: 3900)
    • Searches for installed software

      • WTNotifications.exe (PID: 2428)
      • WinThruster.exe (PID: 664)
    • Reads the Windows owner or organization settings

      • Setup_WinThruster_2024.tmp (PID: 3900)
    • Reads the Internet Settings

      • WinThruster.exe (PID: 664)
    • Reads browser cookies

      • WinThruster.exe (PID: 664)
    • Checks for Java to be installed

      • WinThruster.exe (PID: 664)
    • Reads Mozilla Firefox installation path

      • WinThruster.exe (PID: 664)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3820)
      • iexplore.exe (PID: 2512)
      • msedge.exe (PID: 1736)
      • msedge.exe (PID: 3920)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 3820)
      • iexplore.exe (PID: 2512)
    • Creates files in a temporary directory

      • Setup_WinThruster_2024.exe (PID: 1176)
      • Setup_WinThruster_2024.exe (PID: 1620)
      • Setup_WinThruster_2024.tmp (PID: 3900)
      • WinThruster.exe (PID: 664)
    • Reads the computer name

      • Setup_WinThruster_2024.tmp (PID: 2924)
      • Setup_WinThruster_2024.tmp (PID: 3900)
      • WTNotifications.exe (PID: 2428)
      • WinThruster.exe (PID: 664)
    • Application was dropped or rewritten from another process

      • Setup_WinThruster_2024.tmp (PID: 2924)
      • Setup_WinThruster_2024.tmp (PID: 3900)
    • Checks supported languages

      • Setup_WinThruster_2024.exe (PID: 1620)
      • Setup_WinThruster_2024.tmp (PID: 3900)
      • Setup_WinThruster_2024.exe (PID: 1176)
      • Setup_WinThruster_2024.tmp (PID: 2924)
      • WTNotifications.exe (PID: 2428)
      • WinThruster.exe (PID: 664)
    • Creates files in the program directory

      • Setup_WinThruster_2024.tmp (PID: 3900)
      • WinThruster.exe (PID: 664)
    • Process checks computer location settings

      • WTNotifications.exe (PID: 2428)
    • Creates files or folders in the user directory

      • WTNotifications.exe (PID: 2428)
      • WinThruster.exe (PID: 664)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3820)
    • Checks proxy server information

      • WinThruster.exe (PID: 664)
    • Reads the machine GUID from the registry

      • WinThruster.exe (PID: 664)
    • Reads CPU info

      • WinThruster.exe (PID: 664)
    • Manual execution by a user

      • msedge.exe (PID: 3920)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)
No data.
All screenshots are available in the full report
Total processes: 78
Monitored processes: 34
Malicious processes: 7
Suspicious processes: 0


Process information

PID: 664
CMD: "C:\Program Files\WinThruster\WinThruster.exe" /START
Path: C:\Program Files\WinThruster\WinThruster.exe
Parent process: Setup_WinThruster_2024.tmp
User: admin
Company: Solvusoft
Integrity Level: HIGH
Description: WinThruster
Exit code: 0
Version: 8.0.0.1
Modules (images):
  • c:\program files\winthruster\winthruster.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\ws2_32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\nsi.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\user32.dll

PID: 940
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1308,i,14599116010542135215,17754114417997560106,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1036
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1336,i,9707450929624164357,14745375215582554858,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID: 1176
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\Setup_WinThruster_2024.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\Setup_WinThruster_2024.exe
Parent process: iexplore.exe
User: admin
Company: Solvusoft
Integrity Level: MEDIUM
Description: WinThruster
Exit code: 0
Version: 8.0.0.1
Modules (images):
  • c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\78rfyb7z\setup_winthruster_2024.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 1484
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1264 --field-trial-handle=1308,i,14599116010542135215,17754114417997560106,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1620
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\Setup_WinThruster_2024.exe" /SPAWNWND=$E01DC /NOTIFYWND=$B01D4
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\Setup_WinThruster_2024.exe
Parent process: Setup_WinThruster_2024.tmp
User: admin
Company: Solvusoft
Integrity Level: HIGH
Description: WinThruster
Exit code: 0
Version: 8.0.0.1
Modules (images):
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\78rfyb7z\setup_winthruster_2024.exe
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 1736
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.solvusoft.com/en/checkout/winthruster/
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: WinThruster.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1740
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1308,i,14599116010542135215,17754114417997560106,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1828
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1564 --field-trial-handle=1308,i,14599116010542135215,17754114417997560106,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1848
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4024 --field-trial-handle=1308,i,14599116010542135215,17754114417997560106,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\cryptbase.dll

Total events: 46 352
Read events: 46 170
Write events: 165
Delete events: 17

Modification events

PID | Process | Operation | Key | Name | Value
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 0
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30847387
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30847437
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
3820 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0

Executable files: 16
Suspicious files: 171
Text files: 135
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | 1BFE591A4FE3D91B03CDF26EAACD8F89 | 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | F0E284711D452594867388D8EE19956F | 2C636ABB8ABB09CE3C88B7286F5D62E7B164B6BCB4A2E410F64F7F14E61808B5
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | B485F2865BA38B81AE46880617808BE1 | DB9151B6069DD8CD8CE3A4025E182E5ED7468A187773197AD82E3A1C17195C52
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | 011E11F566E36313F65AE4D528177313 | 9948F9E60D4803EFADC8F88FAEBB1F5D22149089C22E23401DA2AE53053B0498
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656 | binary | FE4C649A5D0DFB2A665CF212DD3FBEA4 | C4C24AAA9F8BF189F736171C74D23795DC8DF883340A33E12E5385F4B8697A41
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | binary | 7387F0E36EEA5A7A28290DBE9610163C | 1AE608025F9C087F53E253295C58813851C3ED8724A0A0A2EF5C69AF2B8252AA
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | 82DC243E94621AAA3D105BF713963985 | F0D73CC7F4DA7D6990867292B10474B951B1934176832DB1C1A1A80F1E41CFC7
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | binary | 556AE31E35BFA9C7788D82C04CD9F29F | 8140E29CE4B108BC1D3F85F9AE7592CC0B51F5210DC84223CB0D16FB396D7AE9
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | 0A79C793E4ABE0F5FBEFF02AB66BC5A8 | 76BA7E3E8993AF858A58C6D183A8F88F1FB64BADB0F16F4156BF9BBFEFF4B833
2512 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | E2740CE9FEDB5953A78B79290088CDBE | 8ECDCC20E01AC9D068C9A3DFDAC648287195ADB3385A77C4C42D02CAC652FE2D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 29
TCP/UDP connections: 114
DNS requests: 116
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2512 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d2ccd8303e2ccc2b | unknown | compressed | 4.66 Kb | unknown
2512 | iexplore.exe | GET | 200 | 142.250.187.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
2512 | iexplore.exe | OPTIONS | 400 | 142.251.140.40:80 | http://www.googletagmanager.com/ | unknown | html | 1.52 Kb | unknown
2512 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5a70590b3f325ac7 | unknown | compressed | 4.66 Kb | unknown
2512 | iexplore.exe | GET | 200 | 18.66.142.79:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | unknown | binary | 1.51 Kb | unknown
2512 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f3414b8855d373a5 | unknown | compressed | 4.66 Kb | unknown
2512 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9ee3b19e1b3cf9b2 | unknown | compressed | 4.66 Kb | unknown
2512 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c216ccb1a8ac9f93 | unknown | compressed | 4.66 Kb | unknown
2512 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?787773aa3d43f34d | unknown | compressed | 4.66 Kb | unknown
2512 | iexplore.exe | GET | 200 | 104.18.15.101:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | binary | 2.18 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2512 | iexplore.exe | 142.250.185.72:443 | www.googletagmanager.com | GOOGLE | US | unknown
2512 | iexplore.exe | 151.101.66.137:443 | code.jquery.com | FASTLY | US | unknown
2512 | iexplore.exe | 18.66.147.19:443 | cdn.ywxi.net | AMAZON-02 | US | unknown
4 | System | 142.250.185.72:445 | www.googletagmanager.com | GOOGLE | US | unknown
2656 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
4 | System | 142.250.185.72:139 | www.googletagmanager.com | GOOGLE | US | unknown
2512 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2512 | iexplore.exe | 108.138.2.173:80 | o.ss2.us | AMAZON-02 | US | unknown
2512 | iexplore.exe | 104.18.14.101:80 | ocsp.comodoca.com | CLOUDFLARENET | | unknown
2512 | iexplore.exe | 142.250.187.163:80 | ocsp.pki.goog | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
www.googletagmanager.com | 142.250.185.72, 142.251.140.40, 142.250.184.232, 172.217.16.200 | whitelisted
cdn.ywxi.net | 18.66.147.19, 18.66.147.2, 18.66.147.110, 18.66.147.113 | shared
code.jquery.com | 151.101.66.137, 151.101.194.137, 151.101.130.137, 151.101.2.137 | whitelisted
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
o.ss2.us | 108.138.2.173, 108.138.2.195, 108.138.2.107, 108.138.2.10 | whitelisted
ocsp.comodoca.com | 104.18.14.101, 104.18.15.101 | whitelisted
ocsp.pki.goog | 142.250.187.163 | whitelisted
ocsp.rootg2.amazontrust.com | 18.66.142.79 | whitelisted
ocsp.usertrust.com | 104.18.15.101, 104.18.14.101 | whitelisted
ocsp.rootca1.amazontrust.com | 18.66.142.79 | shared

Threats

Found threats are available for the paid subscriptions
8 ETPRO signatures available at the full report
No debug info