download:

/Rem0o/FanControl.Releases/releases/download/V174/FanControl_net_4_8.zip

Full analysis: https://app.any.run/tasks/8cd9c5ba-4ac9-491e-b5d0-463733ccd631
Verdict: Malicious activity
Analysis date: November 22, 2023, 13:12:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

790A7DE027DFAD9F488C822E627606EC

SHA1:

6FC0DD9F90FFEE857F5626DFD39A6D6E62664F47

SHA256:

0FD330A8003A52BAB8DF7E28F3AC3F5EF9272C5F11FF6797AAEE0E0ECC71C8A8

SSDEEP:

98304:+XvHssfCyyy/CpxwDjpa9vkGBcqbjW/Vo7yDKPMohYE+HkhaiNXwGp0t0+wYeaxJ:f3UNFFordJwEm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • NDP481-Web.exe (PID: 856)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • iexplore.exe (PID: 2900)
      • iexplore.exe (PID: 3484)
      • NDP481-Web.exe (PID: 856)

  • INFO

    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3944)
      • Setup.exe (PID: 844)
      • NDP481-Web.exe (PID: 856)

    • Checks supported languages

      • wmpnscfg.exe (PID: 3944)
      • Setup.exe (PID: 844)
      • NDP481-Web.exe (PID: 856)

    • Reads the computer name

      • wmpnscfg.exe (PID: 3944)
      • Setup.exe (PID: 844)
      • NDP481-Web.exe (PID: 856)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 3944)
      • msedge.exe (PID: 4088)
      • iexplore.exe (PID: 3484)

    • Application launched itself

      • iexplore.exe (PID: 3484)
      • msedge.exe (PID: 4088)

    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 2900)
      • iexplore.exe (PID: 3484)

    • The process uses the downloaded file

      • iexplore.exe (PID: 3484)

    • Reads CPU info

      • Setup.exe (PID: 844)

    • Create files in a temporary directory

      • Setup.exe (PID: 844)
      • NDP481-Web.exe (PID: 856)

    • Reads Environment values

      • Setup.exe (PID: 844)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2022:02:10 18:07:10
ZipCRC: 0xdb6673c5
ZipCompressedSize: 4058
ZipUncompressedSize: 9728
ZipFileName: de\Microsoft.Win32.TaskScheduler.resources.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
56
Monitored processes
17
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs iexplore.exe iexplore.exe wmpnscfg.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs ndp481-web.exe no specs ndp481-web.exe setup.exe

Process information

PID
CMD
Path
Indicators
Parent process
600"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1328 --field-trial-handle=1352,i,4935353876600280946,16498269546592958331,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
844C:\b78ee3fd20d41eaad75ad19cbe974c23\\Setup.exe /x86 /x64 /webC:\b78ee3fd20d41eaad75ad19cbe974c23\Setup.exe
NDP481-Web.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Setup Installer
Exit code:
5100
Version:
14.8.9195.0 built by: NET481REL1LAST_B
Modules
Images
c:\b78ee3fd20d41eaad75ad19cbe974c23\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\b78ee3fd20d41eaad75ad19cbe974c23\setupengine.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
856"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\NDP481-Web.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\NDP481-Web.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Framework 4.8.1 Setup
Exit code:
5100
Version:
4.8.09195.10
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\78rfyb7z\ndp481-web.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
984"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1544 --field-trial-handle=1352,i,4935353876600280946,16498269546592958331,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1272"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1352,i,4935353876600280946,16498269546592958331,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1276"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1352,i,4935353876600280946,16498269546592958331,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1352"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1284 --field-trial-handle=1352,i,4935353876600280946,16498269546592958331,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1644"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1548 --field-trial-handle=1352,i,4935353876600280946,16498269546592958331,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1876"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1352,i,4935353876600280946,16498269546592958331,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2412"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\NDP481-Web.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\NDP481-Web.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft .NET Framework 4.8.1 Setup
Exit code:
3221226540
Version:
4.8.09195.10
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\78rfyb7z\ndp481-web.exe
c:\windows\system32\ntdll.dll
Total events
29 734
Read events
29 519
Write events
212
Delete events
3

Modification events

(PID) Process:(3440) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3440) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(3484) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3484) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
Executable files
45
Suspicious files
152
Text files
194
Unknown types
0

Dropped files

PID
Process
Filename
Type
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
3484iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3484iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868binary
MD5:46062E7C9E67CC893EBB5AA1D767B768
SHA256:DEE186708A6B9267AA497F58EE69A2EAF3F2DA79E2976898BBC789E2EF35E5DF
3484iexplore.exeC:\Users\admin\AppData\Local\Temp\StructuredQuery.logtext
MD5:AD55BD80EE59AB8391FA9E5E43F56B30
SHA256:1D0CEFA75DFDA6ED48F90F66719D2BDAFAFD5CC6BF81185F5069364D50AFD40E
3484iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3484iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2900iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZBVV6W3X.txttext
MD5:471DE1F0F6813DD2EAF1CC0ECDEB39CD
SHA256:178119C79E97216C24E00F9C76C50F93FC7238BC9FDEE2D6B880895C732A8CAE
3484iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868binary
MD5:3E05F8101BB0855E6323E56CBBA2B11F
SHA256:2E06708AFA4544DAF8EA2EA6BE9CD7BE27C0CE3FFD8BEFC84D7F6187F24F7F56
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:84D54D3EAA944897F038CA48F597953A
SHA256:180B76169811997C3F15E25A14DAEFBCC1ACE0EDED55D63A9C436063C3EDF57A
2900iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LUPX8KHE.txttext
MD5:1902AF23E24D6DA387D406147DD0BA66
SHA256:0E00B917EDC5F7357A3E790D36A2036F50C804024DB8DD949F4B0C39CE42A0E7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
93
DNS requests
78
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2900
iexplore.exe
GET
200
23.53.42.49:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e73df5971134faf8
unknown
compressed
4.66 Kb
unknown
2900
iexplore.exe
GET
200
23.53.42.49:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e7d806a2c31342ae
unknown
compressed
4.66 Kb
unknown
2900
iexplore.exe
GET
200
23.53.42.49:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?99c7329b4a6b1582
unknown
compressed
4.66 Kb
unknown
2900
iexplore.exe
GET
200
23.53.42.49:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6b9a7578bee27f76
unknown
compressed
4.66 Kb
unknown
2900
iexplore.exe
GET
200
23.53.42.49:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2d46bfa4e4beda44
unknown
compressed
4.66 Kb
unknown
2900
iexplore.exe
GET
200
23.53.42.49:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ca35a913d7910e9b
unknown
compressed
4.66 Kb
unknown
3484
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
unknown
binary
471 b
unknown
2900
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
unknown
binary
471 b
unknown
2900
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D
unknown
binary
471 b
unknown
2900
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
binary
471 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2900
iexplore.exe
13.107.5.80:443
api.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2900
iexplore.exe
23.53.42.49:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
3484
iexplore.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3484
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2900
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3484
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 23.53.42.49
  • 23.53.42.50
  • 23.53.42.66
  • 23.53.42.26
  • 23.53.41.250
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
dotnet.microsoft.com
  • 13.107.246.45
  • 13.107.213.45
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared
www.microsoft.com
  • 23.218.209.163
whitelisted

Threats

No threats detected
Process
Message
Setup.exe
A StopBlock was hit or a System Requirement was not met.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
/Rem0o/FanControl.Releases/releases/download/V174/FanControl_net_4_8.zip