File name:

0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin

Full analysis: https://app.any.run/tasks/e4875ef3-f008-4c4e-9245-c14a298c83df
Verdict: Malicious activity
Analysis date: April 29, 2025, 17:09:51
OS: Windows 11 Professional (build: 22000, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

9388918BDBB70701C6491090BF072345

SHA1:

F0F395212B2906DA71CB4843C7EFD2632BE6E699

SHA256:

0B6318AF44AD2E434D7CFCE95E8EEBA2357C226355478A6CFDFBE464D9E5E467

SSDEEP:

6144:xLiOQF13Arg4WkLNvKbTao1gp1aiB7gtyCm4z4FwzbzD:xLbQF1wrgYRvKio21b7gt1z4FwzbzD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2036)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2380)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 4588)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 3700)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 1684)

    • Reads the date of Windows installation

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2036)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 3700)

    • Application launched itself

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2036)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 3700)

    • Reads the Internet Settings

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2036)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2380)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 4588)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 3700)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 1684)

    • Executable content was dropped or overwritten

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2380)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 4588)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 1684)

  • INFO

    • Checks supported languages

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2036)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2380)
      • Run.exe (PID: 1952)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 4588)
      • Run.exe (PID: 856)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 1684)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 3700)
      • Run.exe (PID: 5316)

    • Reads the computer name

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2036)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2380)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 3700)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 4588)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 1684)

    • Creates files or folders in the user directory

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 2380)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 4588)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 1684)

    • Manual execution by a user

      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 3700)
      • 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe (PID: 1684)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:04:28 05:12:26+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.16
CodeSize: 19968
InitializedDataSize: 218112
UninitializedDataSize: -
EntryPoint: 0x4d94
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
113
Monitored processes
9
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe no specs 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe run.exe no specs 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe no specs 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe run.exe no specs dllhost.exe no specs 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe run.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
856"C:\Users\admin\AppData\Local\a\Run.exe"C:\Users\admin\AppData\Local\a\Run.exe0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\a\run.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
1684"C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe" C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
1952"C:\Users\admin\AppData\Local\a\Run.exe"C:\Users\admin\AppData\Local\a\Run.exe0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\a\run.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
2036"C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe" C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
2380"C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe" C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
2872"C:\Windows\system32\DllHost.exe" /Processid:{B41DB860-64E4-11D2-9906-E49FADC173CA}C:\Windows\System32\dllhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
3700"C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe" C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
4588"C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe" C:\Users\admin\Desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
5316"C:\Users\admin\AppData\Local\a\Run.exe"C:\Users\admin\AppData\Local\a\Run.exe0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\a\run.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
Total events
4 061
Read events
4 021
Write events
40
Delete events
0

Modification events

(PID) Process:(2036) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2036) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2036) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2036) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(2380) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2380) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2380) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2380) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(3700) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3700) 0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
6
Suspicious files
16
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
23800b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\a.zipcompressed
MD5:FD6248C1973739014795B84D64442700
SHA256:7D62276502C1613A48C27DAF3E7F787536235C3D16A48D511277D9575334539D
45880b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Modules\config\simg32.dllbinary
MD5:3DE8EE2AEB82AB4FAD0E0A4F906EB43B
SHA256:5247D9DDAF007DEF90E38455376D892B6E31BDE79E0E8A296EA6C2C47887532D
23800b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Modules\config\code.dllbinary
MD5:DDC59288CD276CAEB25BD2C7C5E7BB7A
SHA256:F4D0F3718C76C873C3A6AD4B85C1EA98A3F19F1F09392ECD90119E57319EEED9
23800b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Run.exeexecutable
MD5:12C37F287EDC97826A5213E1E4F0DADA
SHA256:7BF8E13E52EA05728EB088E472C137B09E5CB6EEB1E2C0C34177B666DF615C1C
45880b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Modules\dxpi.txtbinary
MD5:37A7BEB5F7B7D6D43D15A4CF1F08AA07
SHA256:F26BA49DD12FE09E4D833BDBB6495B8ED3C4E188969368200DE066A95DE7F77A
23800b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Modules\config\fig64.dllbinary
MD5:B1730E1E97F3C6871EDFF6A1A5724A62
SHA256:A15ED4741D7E9581BA11857AA36F6A876B3220384560955B6B125109EB0AC762
23800b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Modules\config\Db.dllbinary
MD5:99E83925906352C71ADBADA4282D1C17
SHA256:99D271898E789594FE35B02D1DCAC69B26544F2E5872EE56DDC6480E5FEBC8F3
23800b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Modules\config\simg32.dllbinary
MD5:3DE8EE2AEB82AB4FAD0E0A4F906EB43B
SHA256:5247D9DDAF007DEF90E38455376D892B6E31BDE79E0E8A296EA6C2C47887532D
45880b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Run.exeexecutable
MD5:12C37F287EDC97826A5213E1E4F0DADA
SHA256:7BF8E13E52EA05728EB088E472C137B09E5CB6EEB1E2C0C34177B666DF615C1C
45880b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin.exeC:\Users\admin\AppData\Local\a\Modules\config\fig64.dllbinary
MD5:B1730E1E97F3C6871EDFF6A1A5724A62
SHA256:A15ED4741D7E9581BA11857AA36F6A876B3220384560955B6B125109EB0AC762
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
10
DNS requests
7
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2352
smartscreen.exe
GET
200
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9347fc670322cdaa
unknown
whitelisted
2352
smartscreen.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
1352
svchost.exe
GET
200
23.53.40.146:80
http://www.msftconnecttest.com/connecttest.txt
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1352
svchost.exe
23.53.40.113:80
Akamai International B.V.
DE
unknown
2352
smartscreen.exe
20.56.187.20:443
checkappexec.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2352
smartscreen.exe
199.232.210.172:80
ctldl.windowsupdate.com
FASTLY
US
whitelisted
2352
smartscreen.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
5812
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1036
svchost.exe
104.102.63.189:443
fs.microsoft.com
AKAMAI-AS
US
whitelisted
3952
svchost.exe
239.255.255.250:1900
whitelisted
1352
svchost.exe
23.53.40.146:80
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.206
whitelisted
checkappexec.microsoft.com
  • 20.56.187.20
whitelisted
ctldl.windowsupdate.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
fs.microsoft.com
  • 104.102.63.189
whitelisted
dns.msftncsi.com
  • 131.107.255.255
whitelisted

Threats

PID
Process
Class
Message
1352
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
0b6318af44ad2e434d7cfce95e8eeba2357c226355478a6cfdfbe464d9e5e467.bin