File name: uehh.exe
Full analysis: https://app.any.run/tasks/cb5b4b17-559a-40cd-9e3f-42bb312370e7
Verdict: Malicious activity
Analysis date: December 23, 2024, 11:21:44
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: C29215C09E5327546AE851A271A86BA9
SHA1: 13463D49CCEDB3B068BA8E406185B940CABA0D27
SHA256: 05021C2F4DF2687154F46B87E6C4EE7407DF95A81B24B470BE3333867074AB19
SSDEEP: 3072:eITLlTTLb4lasSHyWYCEld+dK9XS0MPwxPfxXrP/m5K:eItTTJRH/YdACP/m5K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Detects Cygwin installation

      • WinRAR.exe (PID: 4704)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 4704)
    • Reads Microsoft Outlook installation path

      • update.exe (PID: 2280)
      • update.exe (PID: 5592)
      • hh.exe (PID: 2436)
    • Reads security settings of Internet Explorer

      • update.exe (PID: 2280)
      • update.exe (PID: 5592)
      • uedit64.exe (PID: 4528)
    • Executes application which crashes

      • update.exe (PID: 2280)
    • Reads Internet Explorer settings

      • hh.exe (PID: 2436)
      • uedit64.exe (PID: 4528)
    • Creates/Modifies COM task schedule object

      • uedit64.exe (PID: 4528)
  • INFO

    • Checks supported languages

      • uehh.exe (PID: 4824)
      • update.exe (PID: 2280)
      • update.exe (PID: 5592)
      • UACHelper.exe (PID: 4968)
      • idmcl.exe (PID: 1488)
      • identity_helper.exe (PID: 6368)
      • uedit64.exe (PID: 4528)
      • uedit64.com (PID: 2012)
      • IDMMonitor.exe (PID: 6368)
      • IDMMonitor.exe (PID: 6164)
      • uedit64.exe (PID: 1356)
      • ues_ctags.exe (PID: 2216)
      • ues_ctags.exe (PID: 4244)
      • ues_ctags.exe (PID: 3092)
      • UEDOS32.exe (PID: 1904)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 4704)
      • hh.exe (PID: 2436)
      • msedge.exe (PID: 6152)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 4704)
      • update.exe (PID: 2280)
      • update.exe (PID: 5592)
      • uedit64.exe (PID: 4528)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4704)
      • msedge.exe (PID: 6152)
    • Manual execution by a user

      • update.exe (PID: 2280)
      • WinRAR.exe (PID: 4704)
      • update.exe (PID: 1512)
      • update.exe (PID: 648)
      • update.exe (PID: 5592)
      • UACHelper.exe (PID: 1416)
      • UACHelper.exe (PID: 4968)
      • idmcl.exe (PID: 1488)
      • UACHelper.exe (PID: 6152)
      • UACHelper.exe (PID: 2160)
      • hh.exe (PID: 2436)
      • msedge.exe (PID: 5304)
      • uedit64.com (PID: 2012)
      • uedit64.exe (PID: 1356)
      • UEDOS32.exe (PID: 1904)
      • msedge.exe (PID: 2572)
    • Process checks whether UAC notifications are on

      • update.exe (PID: 2280)
      • update.exe (PID: 5592)
    • Create files in a temporary directory

      • update.exe (PID: 2280)
      • update.exe (PID: 5592)
      • uedit64.exe (PID: 4528)
    • Reads the computer name

      • update.exe (PID: 2280)
      • update.exe (PID: 5592)
      • uedit64.exe (PID: 4528)
    • Checks proxy server information

      • update.exe (PID: 2280)
      • WerFault.exe (PID: 3884)
      • hh.exe (PID: 2436)
      • update.exe (PID: 5592)
      • uedit64.exe (PID: 4528)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 3884)
      • UACHelper.exe (PID: 2160)
      • hh.exe (PID: 2436)
      • uedit64.exe (PID: 4528)
      • uedit64.exe (PID: 1356)
    • Reads security settings of Internet Explorer

      • WerFault.exe (PID: 3884)
      • hh.exe (PID: 2436)
    • Application launched itself

      • msedge.exe (PID: 4244)
      • msedge.exe (PID: 6672)
      • msedge.exe (PID: 5304)
    • Reads Microsoft Office registry keys

      • uedit64.exe (PID: 4528)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:02:04 18:35:03+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 54784
InitializedDataSize: 29696
UninitializedDataSize: -
EntryPoint: 0x169a
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 232
Monitored processes: 93
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Interactive process graph (click a process to see its details); available in the full report

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 448
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6160 --field-trial-handle=2332,i,14562937680661893996,2359969075078974430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 648
CMD: "C:\Users\admin\Desktop\UltraEdit\update.exe"
Path: C:\Users\admin\Desktop\UltraEdit\update.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
c:\users\admin\desktop\ultraedit\update.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 648
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5256 --field-trial-handle=2332,i,14562937680661893996,2359969075078974430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 776
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: ues_ctags.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1076
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: ues_ctags.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5260 --field-trial-handle=2332,i,14562937680661893996,2359969075078974430,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1356
CMD: "C:\Users\admin\Desktop\UltraEdit\uedit64.exe"
Path: C:\Users\admin\Desktop\UltraEdit\uedit64.exe
Parent process: explorer.exe
User: admin
Company: IDM Computer Solutions, Inc.
Integrity Level: MEDIUM
Description: UltraEdit Professional Text/Hex Editor
Exit code: 0
Version: 28.00.0.66
Modules (images):
c:\users\admin\desktop\ultraedit\uedit64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1412
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2644 --field-trial-handle=2396,i,3679529484896080314,4994623713895938291,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1416
CMD: "C:\Users\admin\Desktop\UltraEdit\UACHelper.exe"
Path: C:\Users\admin\Desktop\UltraEdit\UACHelper.exe
Parent process: explorer.exe
User: admin
Company: IDM Computer Solutions, Inc.
Integrity Level: MEDIUM
Description: UAC helper utility
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.0.5
Modules (images):
c:\users\admin\desktop\ultraedit\uachelper.exe
c:\windows\system32\ntdll.dll
PID: 1488
CMD: "C:\Users\admin\Desktop\UltraEdit\idmcl.exe"
Path: C:\Users\admin\Desktop\UltraEdit\idmcl.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 1
Modules (images):
c:\users\admin\desktop\ultraedit\idmcl.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 19 094
Read events: 18 969
Write events: 120
Delete events: 5

Modification events

Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\preferences.zip
Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\chromium_ext.zip
Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip
Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\Desktop\UltraEdit.zip
Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Process: (4704) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
Process: (2280) update.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
Process: (2280) update.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
Executable files: 82
Suspicious files: 1 020
Text files: 632
Unknown types: 8

Dropped files

PID | Process | Filename | Type
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\changes.txt | text
MD5:2112DDA6FFCA604C973C959C992979A9
SHA256:5A49F42F7669E965B6A5BE53C56552344536966C240194AA233C31E04FD075F7
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\default data\themes\Espresso.ue-theme | xml
MD5:CF9966D0848A98D36C5FDDD4E0F2B9F5
SHA256:A73B7ECCFE77FB970A08EC288C7EA2FE7B4435BE8C3638FD7EAAF152CC3F64F9
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\default data\themes\Classic.ue-theme | xml
MD5:BEAD5EAF2A6EA532C2F48EAF87E54B56
SHA256:3E76B199DA2B0D7418841219310A69AC8A1E144325DAF37D2AA358C17AA14BDE
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\default data\themes\Charcoal.ue-theme | xml
MD5:BA9EAFD09F293C2E8DB046622E518241
SHA256:1C777EFF316390E55B05A195022B025F36F49CEA51F9CC26BFEBBEF248A221CC
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\default data\themes\Glitch.ue-theme | xml
MD5:EAC93594B3F0F37260AF9FA79B8CCD5C
SHA256:671B0ADE7D3611B00823D412B9AB7561A5DA026028B42CC8661F3832C3013FC9
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\ErrorReporting\IDMMonitor.exe | executable
MD5:1C90F55498DBBBA8D828DE4B008DD255
SHA256:33FD3C51BC0497B0304C981AFBDC644CF6E5FB7F0C2A77FE19998E2B2DD08426
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\default data\themes\Slate.ue-theme | xml
MD5:E1A116CEA4A9100971CCCF247157C84C
SHA256:EF1EAEE9DE300740ADFDB204D8B5E31F92B34132B0CB0D18D6583BEB30AEBFFF
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\default data\themes\Titanium.ue-theme | xml
MD5:CE7CE33D0A874915A8BCE8A484986909
SHA256:0943B4B3E7B338435395C66FDDAA99DC0A5FD22AC2D757CF053396DFA8848803
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\extras\fp\fp.html | html
MD5:352DC37BD1B39C6EE7D81A24BDC0826B
SHA256:47C5D1ED5ADF3FE7488070E28378760C086F5178F0E4103109F5C80D29376CB1
4704 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4704.24543\UltraEdit\ErrorReporting\IDMRem.dll | executable
MD5:424F30630A52B772706FDFEDD4AA4EE8
SHA256:1256F598404DB235180ACC4B930187D4B700C230121BCC6A3866ACB162E9DE7D
Download the PCAP and analyze network streams, HTTP content and more in the full report
HTTP(S) requests: 56
TCP/UDP connections: 138
DNS requests: 188
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | US | binary | 314 b | whitelisted
 | | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 1.01 Kb | whitelisted
5912 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | DE | binary | 408 b | whitelisted
5912 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | DE | binary | 418 b | whitelisted
 | | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted
5836 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | US | binary | 471 b | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | whitelisted
3884 | WerFault.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 1.01 Kb | whitelisted
6900 | msedge.exe | GET | 304 | 69.192.161.44:80 | http://x1.i.lencr.org/ | DE | | | whitelisted
3884 | WerFault.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
1684 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
 | | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 2.23.209.158:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
 | | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
 | | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 40.126.31.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.110
whitelisted
www.bing.com
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.72
  • 23.53.40.178
  • 23.53.40.176
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
whitelisted
login.live.com
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 23.35.238.131
whitelisted
arc.msn.com
  • 20.223.35.26
  • 20.31.169.57
  • 20.103.156.88
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted

Threats

PID | Process | Class | Message
6900 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
6900 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
6900 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
6900 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
No debug info