File name: Action-Replay-DSi-Code-Manager-PC-software.zip

Full analysis: https://app.any.run/tasks/dac77d53-3c7b-48b3-8682-5480f994b388
Verdict: Malicious activity
Analysis date: December 07, 2024, 14:05:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 0B77ECD3D6DC867224CA3833080DD34D
SHA1: BCD0167F8BB2C23A6D4750B6BFE70F40ADC5E637
SHA256: 0AFE2029B55F025FB8CD5C72400F92E2BD5EF1BDAD9DE2390DE8EB89A96EF337
SSDEEP: 98304:u0dC9Ir7xC47gTRtY3QFcMK+uWJv8ECxBYQd/xqyxf8X4z2rLRA5Ok+fLiUyh7zW:R9NWjLPIv0kyguZPOHfIhbO7Tc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6424)
    • Executing a file with an untrusted certificate

      • WindowsInstaller-KB893803-v2-x86.exe (PID: 7156)
      • update.exe (PID: 6396)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6424)
      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 6952)
    • Executable content was dropped or overwritten

      • ActionReplayDsiCodeManagerSetup-2018.exe (PID: 6932)
      • ActionReplayDsiCodeManagerSetup-2018.exe (PID: 7036)
      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
      • WindowsInstaller-KB893803-v2-x86.exe (PID: 7156)
      • TiWorker.exe (PID: 6740)
    • Process drops legitimate windows executable

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
      • WindowsInstaller-KB893803-v2-x86.exe (PID: 7156)
      • msiexec.exe (PID: 5856)
      • TiWorker.exe (PID: 6740)
    • Reads the Windows owner or organization settings

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
    • The process drops C-runtime libraries

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
    • Drops a system driver (possible attempt to evade defenses)

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
    • The process creates files with name similar to system file names

      • WindowsInstaller-KB893803-v2-x86.exe (PID: 7156)
    • Executes as Windows Service

      • VSSVC.exe (PID: 2744)
  • INFO

    • Reads the computer name

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 6952)
      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
      • WindowsInstaller-KB893803-v2-x86.exe (PID: 7156)
      • update.exe (PID: 6396)
      • msiexec.exe (PID: 5856)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6424)
      • msiexec.exe (PID: 5856)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 6424)
    • Checks supported languages

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 6952)
      • ActionReplayDsiCodeManagerSetup-2018.exe (PID: 6932)
      • ActionReplayDsiCodeManagerSetup-2018.exe (PID: 7036)
      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
      • WindowsInstaller-KB893803-v2-x86.exe (PID: 7156)
      • update.exe (PID: 6396)
      • msiexec.exe (PID: 5856)
    • Create files in a temporary directory

      • ActionReplayDsiCodeManagerSetup-2018.exe (PID: 6932)
      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
      • ActionReplayDsiCodeManagerSetup-2018.exe (PID: 7036)
    • Process checks computer location settings

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 6952)
    • Creates files in the program directory

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
    • Creates a software uninstall entry

      • ActionReplayDsiCodeManagerSetup-2018.tmp (PID: 7056)
    • Reads the machine GUID from the registry

      • WindowsInstaller-KB893803-v2-x86.exe (PID: 7156)
    • Manages system restore points

      • SrTasks.exe (PID: 6708)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2017:02:22 15:54:58
ZipCRC: 0x5ee8a18b
ZipCompressedSize: 12061347
ZipUncompressedSize: 12099184
ZipFileName: ActionReplayDsiCodeManagerSetup-2018.exe
Total processes: 142
Monitored processes: 17
Malicious processes: 4
Suspicious processes: 4

Behavior graph

start winrar.exe actionreplaydsicodemanagersetup-2018.exe actionreplaydsicodemanagersetup-2018.tmp no specs actionreplaydsicodemanagersetup-2018.exe actionreplaydsicodemanagersetup-2018.tmp windowsinstaller-kb893803-v2-x86.exe update.exe no specs msiexec.exe no specs msiexec.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs tiworker.exe dpinst64.exe no specs drvinst.exe no specs rundll32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1140
CMD: rundll32.exe C:\WINDOWS\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{30085ca3-1ec2-b444-bea8-d90d68d2f96f} Global\{4674977e-8e30-0d4b-9697-8b487837d879} C:\WINDOWS\System32\DriverStore\Temp\{ef598336-b99a-2643-b1e6-2dc56763f0c8}\dsiarhwprog.inf C:\WINDOWS\System32\DriverStore\Temp\{ef598336-b99a-2643-b1e6-2dc56763f0c8}\dsiarhwprog.cat
Path: C:\Windows\System32\rundll32.exe
Parent process: drvinst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 2744
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3508
CMD: "msiexec.exe" /quiet /passive /norestart /package "C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\msxml.msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: ActionReplayDsiCodeManagerSetup-2018.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3628
CMD: "C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\Driver\dpinst64.exe"
Path: C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\driver\dpinst64.exe
Parent process: ActionReplayDsiCodeManagerSetup-2018.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Driver Package Installer
Version:
2.1
Modules
Images
c:\program files (x86)\datel\action replay dsi code manager\driver\dpinst64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 5528
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{8ba5db45-f7ea-1344-878d-ef54cb0dffa0}\dsiarhwprog.inf" "9" "465bc6fff" "00000000000001C4" "WinSta0\Default" "00000000000001D8" "208" "c:\program files (x86)\datel\action replay dsi code manager\driver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 5856
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 6396
CMD: c:\a1a0c58f7c9c2e4291ca\UPDATE\update.exe /quiet /norestart
Path: C:\a1a0c58f7c9c2e4291ca\update\update.exe
Parent process: WindowsInstaller-KB893803-v2-x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Service Pack Setup
Exit code:
1603
Version:
6.1.0022.4 (SRV03_QFE.031113-0918)
Modules
Images
c:\a1a0c58f7c9c2e4291ca\update\update.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6424
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Action-Replay-DSi-Code-Manager-PC-software.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6704
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 14B3F6A222221EB33AE1CEC8BEC3E66E M Global\MSI0000
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6708
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 12 412
Read events: 12 011
Write events: 361
Delete events: 40

Modification events

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Action-Replay-DSi-Code-Manager-PC-software.zip

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6424) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (7056) ActionReplayDsiCodeManagerSetup-2018.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Action Replay DSi Code Manager_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.5 (a)

(PID) Process: (7056) ActionReplayDsiCodeManagerSetup-2018.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Action Replay DSi Code Manager_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Datel\Action Replay DSi Code Manager

Executable files: 48
Suspicious files: 48
Text files: 33
Unknown types: 3

Dropped files

PID | Process | Filename | Type

7056 | ActionReplayDsiCodeManagerSetup-2018.tmp | C:\Users\admin\Documents\Datel\Action Replay DSi Code Manager\local_codelists\is-DRS9B.tmp | -
MD5:
SHA256:

7056 | ActionReplayDsiCodeManagerSetup-2018.tmp | C:\Users\admin\Documents\Datel\Action Replay DSi Code Manager\local_codelists\Default Codelist EU.xml | -
MD5:
SHA256:

6932 | ActionReplayDsiCodeManagerSetup-2018.exe | C:\Users\admin\AppData\Local\Temp\is-39CQB.tmp\ActionReplayDsiCodeManagerSetup-2018.tmp | executable
MD5: A94E0CABF42ACB2AE362CFE05A63EA6C
SHA256: B6C34F536EF91DCE413B79750568D7540D6A388C7E1476BAF24EDF29B2B7FE45

7056 | ActionReplayDsiCodeManagerSetup-2018.tmp | C:\Users\admin\AppData\Local\Temp\is-VCAHH.tmp\_isetup\_shfoldr.dll | executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

6424 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa6424.14875\ActionReplayDsiCodeManagerSetup-2018.exe | executable
MD5: 85041FFAD6822512CCEC8EA4A7F38ABD
SHA256: CA783EC48EF54F0878D650EDB1D2DED0E18AAA725300C3A832B8A7D426EC9480

7056 | ActionReplayDsiCodeManagerSetup-2018.tmp | C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\ActionReplayCodeManager.exe | executable
MD5: 2E9034F2810F2EE22C95771949AF9345
SHA256: 2C12D2F8AE741950F967E3AF836A9554D518B167E6B4AAB26F6AC4F5C4758738

7036 | ActionReplayDsiCodeManagerSetup-2018.exe | C:\Users\admin\AppData\Local\Temp\is-2NIAB.tmp\ActionReplayDsiCodeManagerSetup-2018.tmp | executable
MD5: A94E0CABF42ACB2AE362CFE05A63EA6C
SHA256: B6C34F536EF91DCE413B79750568D7540D6A388C7E1476BAF24EDF29B2B7FE45

7056 | ActionReplayDsiCodeManagerSetup-2018.tmp | C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\msvcr71.dll | executable
MD5: 86F1895AE8C5E8B17D99ECE768A70732
SHA256: 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE

7056 | ActionReplayDsiCodeManagerSetup-2018.tmp | C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\unins000.exe | executable
MD5: 48D82713C115DA50E7A659D579058B8B
SHA256: 18953BA9F4BC149226826AE349D3AA8839AFD1C6D2E7359E86A35CBE1AD00DDE

7056 | ActionReplayDsiCodeManagerSetup-2018.tmp | C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\is-AAVLS.tmp | executable
MD5: 48D82713C115DA50E7A659D579058B8B
SHA256: 18953BA9F4BC149226826AE349D3AA8839AFD1C6D2E7359E86A35CBE1AD00DDE

HTTP(S) requests: 12
TCP/UDP connections: 33
DNS requests: 17
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.164.99:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.99:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6152
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6180
SIHClient.exe
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6180
SIHClient.exe
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.99:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 2.16.164.99:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 2.23.209.179:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1176 | svchost.exe | 40.126.32.136:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 2.16.164.99
  • 2.16.164.49
  • 2.16.164.82
  • 2.16.164.89
  • 2.16.164.81
  • 2.16.164.106
  • 2.16.164.40
  • 2.16.164.107
  • 2.16.164.122
  • 2.16.241.19
  • 2.16.241.12
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 23.218.209.163
whitelisted
www.bing.com
  • 2.23.209.179
  • 2.23.209.140
  • 2.23.209.187
  • 2.23.209.130
  • 2.23.209.133
  • 2.23.209.189
  • 2.23.209.149
  • 2.23.209.182
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.72
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.68
  • 20.190.160.22
  • 20.190.160.14
  • 40.126.32.76
whitelisted
go.microsoft.com
  • 23.32.186.57
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted

Threats

No threats detected