Report - download.sysinternals.com/files/SysinternalsSuite-Nano.zip

Report Overview

Visitedpublic

2024-06-21 01:53:30

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-20 18:12:07	2.0 kB	5.3 kB	23.36.77.32
download.sysinternals.com	317209	1998-04-12	2012-05-21 20:04:23	2024-06-16 10:55:03	512 B	9.9 MB	152.199.19.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

download.sysinternals.com/files/SysinternalsSuite-Nano.zip

IP / ASN

152.199.19.160

#15133 EDGECAST

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size9.9 MB (9915568 bytes)

MD522f485fc1282375ceafb56519d0bf0af

SHA1802331381928765106551b87b2a5c82239307a88

SHA256892eeff0c00ce035c976e879f78d2917c3f838462e249d2bb057a571e2a00d18

Archive (45)

Modified	Filename	Size	MD5	File type
2016-05-27 02:28	Listdlls64.exe	220 kB	8336396d50dcc9d5a5f66b078a8460dc	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2016-06-12 10:26	ntfsinfo64.exe	159 kB	c2562de6fad25d0529b1feef5b15e43f	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2016-06-28 09:49	PsLoggedon64.exe	170 kB	07ed30d2343bf8914daaed872b681118	PE32+ executable (console) x86-64, for MS Windows, 5 sections
2016-06-12 19:15	Volumeid64.exe	170 kB	81a45f1a91448313b76d2e6d5308aa7a	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-06-22 20:17	Clockres64.exe	440 kB	12f3605f984aacbdd106bcd57a751ebf	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-04-29 11:09	dbgview64.exe	1.1 MB	257d864eabfd8ed32daddf21de2c2632	PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
2020-04-29 11:19	Dbgview.chm	68 kB	c7517af60d377f3feaae84dbc279e0e9	MS Windows HtmlHelp Data
2020-09-11 13:21	diskext64.exe	443 kB	75c6551bb9220726269b2cfea22ef623	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-04-17 10:32	FindLinks64.exe	194 kB	9352afa6100b005f4130515a73d920fb	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-09-14 10:07	hex2dec64.exe	520 kB	c0252797b03f07a07c560ced7a112419	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-09-14 10:42	junction64.exe	448 kB	a87678bbf8f7752a85eca00ba3fc6775	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-09-03 09:58	pendmoves64.exe	441 kB	287563a3dcc9bbf15700e4423f6281eb	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-09-03 10:07	movefile64.exe	440 kB	36249a4f073f7d3fcd6681d1cf9304d6	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-04-30 17:20	pipelist64.exe	442 kB	e794ca9cc2af5f555ca573ace7fbde00	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-06-30 16:37	RegDelNull64.exe	454 kB	c1229fa275258fa7deeb14dad758646a	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-04-30 17:16	ru64.exe	450 kB	decf51343743702edf309e8ebac4542a	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-04-30 16:54	streams64.exe	444 kB	ff73c9cb2ff29f0af030224840c1c451	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-04-30 16:45	sync64.exe	445 kB	45f3d0b8841ce1a52d81b3fb4222d17e	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-04-06 09:38	whois64.exe	524 kB	8dd9e6ec7b140ce8df8621529cb33e16	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-11-04 20:52	du64.exe	466 kB	844332ad64c1c017698a9479622297e1	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2020-11-25 09:59	logonsessions64.exe	563 kB	2d7312129a03f5b58925898449787f73	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2021-06-22 14:58	strings64.exe	478 kB	e911a217d43ff6c453785e5606b46ce5	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2021-10-12 20:21	LoadOrdC64.exe	481 kB	80866f094d124038a3bed2febe08b49b	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2022-05-11 16:49	accesschk64.exe	810 kB	9b59ee28638232e7ec1e5b3224090a0d	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2022-07-19 16:09	sigcheck64.exe	541 kB	32fee0aff79cce5f14a9e6b03c08c019	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2022-09-29 20:26	Coreinfo64.exe	570 kB	3ae27d0e66846c2482275d845a469d9b	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2022-09-29 20:26	notmyfaultc64.exe	979 kB	08b89d543c173fc2adae048784fe618b	PE32+ executable (console) x86-64, for MS Windows, 9 sections
2022-10-26 18:50	handle64.exe	416 kB	89f845fc4898f2d47a3a81f0b57c60f1	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2022-11-03 15:55	procdump64.exe	425 kB	68a1f7c796de1d0df6b2d78e182df3a0	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-09 21:11	Contig64.exe	286 kB	6b2daf0875e7e46ae995e34b45615c5c	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:57	psping64.exe	347 kB	ad7e3ddf557e1de0170e384031d3a221	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:57	psshutdown64.exe	810 kB	b5b4abc85d5d8c817ce552c3c6a0aba5	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:57	psfile64.exe	289 kB	880ed8c97e6bdb64a342fad25094049b	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:57	PsGetsid64.exe	506 kB	c2b0f2de5955aaa313999ff20b675be4	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:57	PsInfo64.exe	536 kB	86a65cfa9f258b0a46ed54e1ad235078	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:57	pskill64.exe	477 kB	ba9345119c1175c96d27370b0d203e70	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:58	pslist64.exe	267 kB	77bf50713a9eb7b270a73a9797f8ddfe	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:58	pspasswd64.exe	271 kB	2a23848ac28d73352ba80584327ff713	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:58	PsService64.exe	322 kB	657c2da84107644a1397d49e0b526f24	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-03-30 16:58	pssuspend64.exe	480 kB	6eeeeb93f86c729faa2280525c699caf	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-04-11 18:10	PsExec64.exe	834 kB	db89ec570e6281934a5c5fcf7f4c8967	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2023-09-29 16:44	sdelete64.exe	224 kB	6a4e049d8c497d350a7bd54dfff99808	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2024-02-06 19:49	autorunsc64.exe	804 kB	6be477f8a7168fe079bfb549114cd890	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2024-02-13 18:03	Sysmon64.exe	4.5 MB	99c68a0a2ee8e42ebb52e1c84f80b730	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2024-02-13 18:03	Eula.txt	7.5 kB	8c24c4084cdc3b7e7f7a88444a012bfc	Unicode text, UTF-8 (with BOM) text, with very long lines (518), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 3/67

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-20

Last Seen2024-08-19

Times Seen30281

Size504 B (504 bytes)

MD56d997a3e4c838d12e34de2dd2d4208c3

SHA1386abb53e2df86f291b6a86765d9a6feb88ba30b

SHA25632e00abd54407308b80a14e2916a119d95d90b1e7842f8cf0e87df306287869c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32E00ABD54407308B80A14E2916A119D95D90B1E7842F8CF0E87DF306287869C"
Last-Modified: Thu, 20 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12996
Expires: Fri, 21 Jun 2024 05:29:34 GMT
Date: Fri, 21 Jun 2024 01:52:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-20

Last Seen2024-08-19

Times Seen34040

Size504 B (504 bytes)

MD5c0fde0756f59aaa5fa85a62f5f528e74

SHA13c2d990e14054ee3b407cc37d77e255533d91ed6

SHA256ca44d6619deb0e020993a84c6bfbf1993bf096b13863b706dc8a826499348276

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CA44D6619DEB0E020993A84C6BFBF1993BF096B13863B706DC8A826499348276"
Last-Modified: Wed, 19 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3352
Expires: Fri, 21 Jun 2024 02:48:50 GMT
Date: Fri, 21 Jun 2024 01:52:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-19

Last Seen2024-08-19

Times Seen24005

Size504 B (504 bytes)

MD55a3268763aa8247d09e7b12f8a157bb5

SHA1fbddec6e9fb707501596ca331266c50e77e23f5b

SHA2566095004cca6c22ee09c33dc58574519973f162bb1ee183856ed65675281d551c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6095004CCA6C22EE09C33DC58574519973F162BB1EE183856ED65675281D551C"
Last-Modified: Wed, 19 Jun 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17539
Expires: Fri, 21 Jun 2024 06:45:17 GMT
Date: Fri, 21 Jun 2024 01:52:58 GMT
Connection: keep-alive

GET download.sysinternals.com/files/SysinternalsSuite-Nano.zip

152.199.19.160

200 OK

9.9 MB

URL User Request GET HTTPS

download.sysinternals.com/files/SysinternalsSuite-Nano.zip

IP / ASN

152.199.19.160

#15133 EDGECAST

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2024-02-14

Last Seen2024-08-20

Times Seen7

Size9.9 MB (9915568 bytes)

MD522f485fc1282375ceafb56519d0bf0af

SHA1802331381928765106551b87b2a5c82239307a88

SHA256892eeff0c00ce035c976e879f78d2917c3f838462e249d2bb057a571e2a00d18

Certificate Info

IssuerDigiCert Inc

Subject*.vo.msecnd.net

FingerprintFA:89:AA:1D:ED:A8:2B:C5:06:94:27:DF:78:21:41:3C:1F:47:D3:54

ValidityThu, 06 Jun 2024 00:00:00 GMT - Fri, 06 Jun 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/67

HTTP Headers

GET /files/SysinternalsSuite-Nano.zip HTTP/1.1
Host: download.sysinternals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 76010
content-type: application/x-zip-compressed
date: Fri, 21 Jun 2024 01:52:58 GMT
etag: 0x8DC2CCABADAC4DD
last-modified: Tue, 13 Feb 2024 19:34:00 GMT
server: ECAcc (ska/F766)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1a516c04-101e-0054-5ccc-c2f404000000
x-ms-version: 2009-09-19
content-length: 9915568
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-21

Last Seen2024-08-19

Times Seen34714

Size504 B (504 bytes)

MD56720792332fb717894b4e5221fdc3d86

SHA1f79b1d3611fb53cea950acb15000473ae7174149

SHA25667dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4813
Expires: Fri, 21 Jun 2024 03:13:13 GMT
Date: Fri, 21 Jun 2024 01:53:00 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-21

Last Seen2024-08-19

Times Seen34714

Size504 B (504 bytes)

MD56720792332fb717894b4e5221fdc3d86

SHA1f79b1d3611fb53cea950acb15000473ae7174149

SHA25667dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4813
Expires: Fri, 21 Jun 2024 03:13:13 GMT
Date: Fri, 21 Jun 2024 01:53:00 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-21

Last Seen2024-08-19

Times Seen34714

Size504 B (504 bytes)

MD56720792332fb717894b4e5221fdc3d86

SHA1f79b1d3611fb53cea950acb15000473ae7174149

SHA25667dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4790
Expires: Fri, 21 Jun 2024 03:12:50 GMT
Date: Fri, 21 Jun 2024 01:53:00 GMT
Connection: keep-alive