File name: cool-heic-converter.exe

Full analysis: https://app.any.run/tasks/02a3a664-1b13-4bad-8134-a138559afe1b
Verdict: Malicious activity
Analysis date: August 05, 2024, 20:54:58
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 3A1B05B4A8347F659D1817A27757F22D
SHA1: 2705E70060F0AE837E2C9B3B1C3791D0360A26F3
SHA256: 010E9DC9A07854E8EFA4D67C1F76FB1F953B347D95122B344A3DDB96871EFA8D
SSDEEP: 98304:7D4yRGRGy29ElnSCTm/43YpkYljmTxmPKle7lYC9ghTipUEYq77CBX/65lpm3qWw:OUBZQm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for user acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • cool-heic-converter.exe (PID: 6516)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • cool-heic-converter.exe (PID: 6516)
    • The process creates files with names similar to system file names

      • cool-heic-converter.exe (PID: 6516)
    • Executable content was dropped or overwritten

      • cool-heic-converter.exe (PID: 6516)
    • The process drops C-runtime libraries

      • cool-heic-converter.exe (PID: 6516)
    • Process drops legitimate Windows executable

      • cool-heic-converter.exe (PID: 6516)
    • Creates a software uninstall entry

      • cool-heic-converter.exe (PID: 6516)
    • Reads security settings of Internet Explorer

      • cool-heic-converter.exe (PID: 6516)
  • INFO

    • Checks supported languages

      • cool-heic-converter.exe (PID: 6516)
      • Coolmuster HEIC Converter.exe (PID: 236)
      • identity_helper.exe (PID: 2852)
    • Creates files in a temporary directory

      • cool-heic-converter.exe (PID: 6516)
    • Reads the computer name

      • cool-heic-converter.exe (PID: 6516)
      • Coolmuster HEIC Converter.exe (PID: 236)
      • identity_helper.exe (PID: 2852)
    • Creates files in the program directory

      • cool-heic-converter.exe (PID: 6516)
    • Creates files or folders in the user directory

      • cool-heic-converter.exe (PID: 6516)
    • Reads Microsoft Office registry keys

      • cool-heic-converter.exe (PID: 6516)
      • msedge.exe (PID: 3916)
      • msedge.exe (PID: 2384)
    • Application launched itself

      • msedge.exe (PID: 3916)
      • msedge.exe (PID: 2384)
    • Manual execution by a user

      • msedge.exe (PID: 2384)
    • Reads the machine GUID from the registry

      • Coolmuster HEIC Converter.exe (PID: 236)
    • Reads Environment values

      • identity_helper.exe (PID: 2852)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:55:49+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x34f7
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 174
Monitored processes: 51
Malicious processes: 1
Suspicious processes: 0


Process information

PID
CMD
Path
Indicators
Parent process
PID: 188
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5844 --field-trial-handle=2324,i,8255893652974570278,6867387770053305186,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 236
CMD: "C:\Program Files (x86)\Coolmuster\Coolmuster HEIC Converter\2.1.15\Bin\Coolmuster HEIC Converter.exe"
Path: C:\Program Files (x86)\Coolmuster\Coolmuster HEIC Converter\2.1.15\Bin\Coolmuster HEIC Converter.exe
Parent process: cool-heic-converter.exe
User: admin
Integrity Level: HIGH
Description: HeicConverterManager Module
Version: 1.0.2.1
Modules
Images
c:\program files (x86)\coolmuster\coolmuster heic converter\2.1.15\bin\coolmuster heic converter.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 300
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4560 --field-trial-handle=2324,i,8255893652974570278,6867387770053305186,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 304
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4364 --field-trial-handle=2324,i,8255893652974570278,6867387770053305186,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 368
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2324,i,8255893652974570278,6867387770053305186,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 460
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2416 --field-trial-handle=2424,i,10437240606403934085,4168595676670383802,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4960 --field-trial-handle=2324,i,8255893652974570278,6867387770053305186,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1536
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x310,0x314,0x318,0x308,0x320,0x7fffd4775fd8,0x7fffd4775fe4,0x7fffd4775ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1644
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5980 --field-trial-handle=2324,i,8255893652974570278,6867387770053305186,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1692
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5740 --field-trial-handle=2324,i,8255893652974570278,6867387770053305186,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 13 333
Read events: 13 133
Write events: 197
Delete events: 3

Modification events

(PID) Process: (6516) cool-heic-converter.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coolmuster HEIC Converter
Operation: write

Name | Value
DisplayName | Coolmuster HEIC Converter
DisplayIcon | "C:\Program Files (x86)\Coolmuster\Coolmuster HEIC Converter\2.1.15\Bin\Coolmuster HEIC Converter.exe"
Publisher | Coolmuster
DisplayVersion | 2.1.15
VersionMajor | 2
VersionMinor | 1
EstimatedSize | 960
HelpLink | https://www.coolmuster.com/
URLInfoAbout | https://www.coolmuster.com/
InstallLocation | C:\Program Files (x86)\Coolmuster\Coolmuster HEIC Converter\2.1.15
Executable files: 83
Suspicious files: 218
Text files: 183
Unknown types: 2

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\wizard120.bmp | image | 5C78A0AF6DDF5B10C9EB2AA236EF5734 | FCF34FB9C3B1E56119047F36FD9394459964BDFCDF111935B88A083D5D122F36
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\wizard192.bmp | image | EC00BEA1C2D669404AE6ED32B3AC4F03 | 888116B707707A6CEDD44AF7096EDDE82160711E203C206560279DB2B6817F01
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\license_jp.txt | text | FB39DB807B19158B40FD44AAB0273341 | FB66ABBFA5B477BF0C213C7D6237518E51456F60D450773BBC23745F02A3CFFC
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\license_cn.txt | text | C27F5D13DA7C4EEC13836B8514AFD78D | 5E8F60259576B5579820DCA21CA77E18A38391DC8420129046AFFE2DBD1D9BFA
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\wizard144.bmp | image | 50510CD169CFD8B67305A7DB9D15E62E | 67A14B428C91088080A337661DE0E595759E869082EB46F0CD591D42B79EE83B
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\wizard96.bmp | image | 0EC33DD4FC12A67FC9DFAE55D864A0BE | C368E788FFCA10847B1177390B505D4CF4614E3E510886DB52D023F74E10CE8B
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\license.txt | text | 3A97323EA64EF302A0AB2935E03ECA72 | 8A0CBC61C4E122552EC158EEB6F033FED74989E8AE3E5961C459DE5D80D0EE86
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\license_br.txt | text | FBEA2A35AE39742673D42845C168B1E2 | 9F4847AB51CFC1C9842B01AD6DECC0099343C162B6D578AE5678E97F20A8280E
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\modern-wizard.bmp | image | CBE40FD2B1EC96DAEDC65DA172D90022 | 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
6516 | cool-heic-converter.exe | C:\Users\admin\AppData\Local\Temp\nsi76B3.tmp\license_it.txt | text | F00C458CDA413C7112560335532C00D2 | 09D3E135258C93541C57EAC95657CF68F655B62F3F8F54AA7CEB8D1D40F0971F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 442
TCP/UDP connections: 187
DNS requests: 136
Threats: 0

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size
GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | - | -
OPTIONS | 200 | 23.48.23.26:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | unknown | - | -
GET | 304 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeRuntime%2CEdgeRuntimeConfig%2CEdgeDomainActions&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=38&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | - | -
GET | 200 | 72.167.151.208:443 | https://www.coolmuster.com/public/assets/images/install_logo_1.png | unknown | - | -
GET | 200 | 204.79.197.239:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 465 b
GET | 200 | 13.107.246.67:443 | https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable | unknown | binary | 12.6 Kb
GET | 200 | 72.167.151.208:443 | https://www.coolmuster.com/thankyou/heic-converter.html?version=2.1.15 | unknown | html | 31.5 Kb
GET | 401 | 13.107.6.158:443 | https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | unknown | binary | 584 b
GET | 200 | 72.167.151.208:443 | https://www.coolmuster.com/public/skin/default/js/jquery-1.4.2.min.js | unknown | html | 93.5 Kb
GET | 200 | 72.167.151.208:443 | https://www.coolmuster.com/public/skin/default/css/style.css | unknown | text | 104 Kb

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4056 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5028 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4324 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6440 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 4.231.128.59, 51.124.78.146 | whitelisted
google.com | 172.217.18.14 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
www.coolmuster.com | 72.167.151.208 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
business.bing.com | 13.107.6.158 | whitelisted
edge-mobile-static.azureedge.net | 13.107.246.60 | whitelisted
bzib.nelreports.net | 2.22.242.11, 2.22.242.105 | whitelisted
www.bing.com | 2.23.209.149, 2.23.209.187, 2.23.209.133, 2.23.209.182, 2.23.209.130, 2.23.209.140, 92.123.104.40, 92.123.104.52, 92.123.104.28, 92.123.104.59, 92.123.104.32, 92.123.104.31, 92.123.104.47, 92.123.104.19, 92.123.104.33, 92.123.104.60, 92.123.104.62, 92.123.104.34, 92.123.104.38 | whitelisted
www.googletagmanager.com | 142.250.185.72 | whitelisted

Threats

No threats detected
No debug info