File name: microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe
Full analysis: https://app.any.run/tasks/3ac161b1-612c-4977-9bfe-2b804a287384
Verdict: Malicious activity
Analysis date: October 30, 2024, 14:12:27
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 0A16F76A3E64B4014E956FCE2AF4B38D
SHA1: 5206D9EA862DC0B8D4B787661174D6E4B65FD74A
SHA256: 11529A261BC9F448F4973BF6BE2CA0EB2D5B165B2905858DAEF3AB4E3B8CC210
SSDEEP: 49152:gdixrq3BdwVFNyUNiZdFih+6S1zoBTdJSkS6GvfdgDEJBxobROrn5rAl0sxZa44h:hrq3BdwVeJZk8z4TdJnoy1gRATqKPkvd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • Update.exe (PID: 6208)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp (PID: 5084)
    • Executable content was dropped or overwritten

      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe (PID: 2648)
      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp (PID: 3700)
      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe (PID: 6740)
      • microsoft-teams-24244.507.3118.4732-installer.exe (PID: 7124)
      • Update.exe (PID: 6208)
    • Process drops legitimate windows executable

      • microsoft-teams-24244.507.3118.4732-installer.exe (PID: 7124)
      • Update.exe (PID: 6208)
    • Application launched itself

      • Teams.exe (PID: 7052)
      • Teams.exe (PID: 4408)
      • Teams.exe (PID: 6684)
    • The process drops C-runtime libraries

      • Update.exe (PID: 6208)
  • INFO

    • Create files in a temporary directory

      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe (PID: 2648)
      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe (PID: 6740)
    • Checks supported languages

      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe (PID: 2648)
      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp (PID: 5084)
      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe (PID: 6740)
    • Reads the computer name

      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp (PID: 5084)
      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe (PID: 6740)
    • Process checks computer location settings

      • microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp (PID: 5084)
    • Manual execution by a user

      • microsoft-teams-24244.507.3118.4732-installer.exe (PID: 7124)
      • Update.exe (PID: 6336)
      • notepad.exe (PID: 5284)
      • msedge.exe (PID: 4380)
      • Update.exe (PID: 6344)
    • Application launched itself

      • msedge.exe (PID: 4380)
      • msedge.exe (PID: 3824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:28 08:29:25+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 685056
InitializedDataSize: 90112
UninitializedDataSize: -
EntryPoint: 0xa83bc
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.40.1.8969
ProductVersionNumber: 2.40.1.8969
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softonic International SA
FileVersion: 2.40.1.8969
LegalCopyright: ©2023 Softonic International SA
OriginalFileName:
ProductName: Softonic International SA
ProductVersion: 3.1.5.7
No data.
All screenshots are available in the full report
Total processes: 210
Monitored processes: 72
Malicious processes: 3
Suspicious processes: 2


Process information

PID: 632
CMD: C:\Users\admin\AppData\Local\Microsoft\Teams\Update.exe --createShortcut=Teams.exe -l=StartMenu
Path: C:\Users\admin\AppData\Local\Microsoft\Teams\Update.exe
Parent process: Teams.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Teams classic
Exit code: 0
Version: 3.3.13.0
Modules (images):
  c:\users\admin\appdata\local\microsoft\teams\update.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\mscoree.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
PID: 1008
CMD: "C:\Users\admin\AppData\Local\Microsoft\Teams\current\Teams.exe" --type=renderer --enable-wer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Teams" --app-user-model-id=com.squirrel.Teams.Teams --app-path="C:\Users\admin\AppData\Local\Microsoft\Teams\current\resources\app.asar" --enable-sandbox --first-renderer-process --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2628 --field-trial-handle=1896,i,12116205059988606740,15490760020204644266,131072 --enable-features=ContextBridgeMutability,SharedArrayBuffer,WinUseBrowserSpellChecker,WinUseHybridSpellChecker --disable-features=CalculateNativeWinOcclusion,ExtraCookieValidityChecks,ForcedColors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --msteams-process-type=loadingWindow /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\Teams\current\Teams.exe
Parent process: Teams.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Teams
Exit code: 0
Version: 1.7.00.26062
Modules (images):
  c:\users\admin\appdata\local\microsoft\teams\current\teams.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
PID: 1028
CMD: "C:\Users\admin\AppData\Local\Microsoft\Teams\current\Teams.exe" --type=renderer --enable-wer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Teams" --app-user-model-id=com.squirrel.Teams.Teams --app-path="C:\Users\admin\AppData\Local\Microsoft\Teams\current\resources\app.asar" --enable-sandbox --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3272 --field-trial-handle=1896,i,12116205059988606740,15490760020204644266,131072 --enable-features=ContextBridgeMutability,SharedArrayBuffer,WinUseBrowserSpellChecker,WinUseHybridSpellChecker --disable-features=CalculateNativeWinOcclusion,ExtraCookieValidityChecks,ForcedColors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --msteams-process-type=notificationsManager /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\Teams\current\Teams.exe
Parent process: Teams.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Teams
Exit code: 0
Version: 1.7.00.26062
Modules (images):
  c:\users\admin\appdata\local\microsoft\teams\current\teams.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
PID: 1048
CMD: /s /n /i:user "C:\Users\admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.24233.4\x64\Microsoft.Teams.AddinLoader.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: regsvr32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\regsvr32.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll
PID: 1196
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=136 --field-trial-handle=2316,i,5343830263180599634,8153723424203338642,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
PID: 1204
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=2316,i,5343830263180599634,8153723424203338642,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
PID: 1344
CMD: "C:\Users\admin\AppData\Local\Microsoft\Teams\current\Teams.exe" --type=renderer --enable-wer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Teams" --app-user-model-id=com.squirrel.Teams.Teams --app-path="C:\Users\admin\AppData\Local\Microsoft\Teams\current\resources\app.asar" --enable-sandbox --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4660 --field-trial-handle=1896,i,12116205059988606740,15490760020204644266,131072 --enable-features=ContextBridgeMutability,SharedArrayBuffer,WinUseBrowserSpellChecker,WinUseHybridSpellChecker --disable-features=CalculateNativeWinOcclusion,ExtraCookieValidityChecks,ForcedColors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --msteams-process-type=accountSelectWindow /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\Teams\current\Teams.exe
Parent process: Teams.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Teams
Exit code: 0
Version: 1.7.00.26062
Modules (images):
  c:\users\admin\appdata\local\microsoft\teams\current\teams.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
PID: 1552
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x204,0x2a0,0x7ffbcb115fd8,0x7ffbcb115fe4,0x7ffbcb115ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
PID: 1732
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6988 --field-trial-handle=2340,i,393074238474401920,4038806688057692004,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
PID: 1884
CMD: "C:\Users\admin\Downloads\microsoft-teams-24244.507.3118.4732-installer.exe"
Path: C:\Users\admin\Downloads\microsoft-teams-24244.507.3118.4732-installer.exe
Parent process: microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Teams
Exit code: 0
Version: 1.7.00.26062
Modules (images):
  c:\users\admin\downloads\microsoft-teams-24244.507.3118.4732-installer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\user32.dll
Total events: 23 514
Read events: 22 821
Write events: 655
Delete events: 38

Modification events

(PID) Process | Key | Operation | Name | Value
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASAPI32 | write | EnableFileTracing | 0
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASAPI32 | write | EnableAutoFileTracing | 0
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASAPI32 | write | EnableConsoleTracing | 0
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASAPI32 | write | FileTracingMask |
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASAPI32 | write | ConsoleTracingMask |
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASAPI32 | write | MaxFileSize | 1048576
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASAPI32 | write | FileDirectory | %windir%\tracing
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASMANCS | write | EnableFileTracing | 0
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASMANCS | write | EnableAutoFileTracing | 0
(632) Update.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Update_RASMANCS | write | EnableConsoleTracing | 0
Executable files: 383
Suspicious files: 620
Text files: 254
Unknown types: 27

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3700 | microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp | C:\Users\admin\AppData\Local\Temp\is-25T0B.tmp\is-BLS4M.tmp | | |
3700 | microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp | C:\Users\admin\AppData\Local\Temp\is-25T0B.tmp\microsoft-teams-24244.507.3118.4732-installer.exe | | |
3700 | microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp | C:\Users\admin\Downloads\microsoft-teams-24244.507.3118.4732-installer.exe | | |
7124 | microsoft-teams-24244.507.3118.4732-installer.exe | C:\Users\admin\AppData\Local\SquirrelTemp\Teams-1.7.00.26062-full.nupkg | | |
6208 | Update.exe | C:\Users\admin\AppData\Local\Microsoft\Teams\packages\Teams-1.7.00.26062-full.nupkg | | |
3700 | microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp | C:\Users\admin\AppData\Local\Temp\is-25T0B.tmp\is-558VM.tmp | image | 5FD73821F3F097D177009D88DFD33605 | A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA
3700 | microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp | C:\Users\admin\AppData\Local\Temp\is-25T0B.tmp\100.png | image | 5FD73821F3F097D177009D88DFD33605 | A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA
6740 | microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.exe | C:\Users\admin\AppData\Local\Temp\is-S73Q8.tmp\microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp | executable | 4CC9DDB18514C94300FD78FE002B0D2F | C4A5100DCF1EB5DC959E50E36A710C92A53A5C77D0569EE03293142E0EB43FC4
7124 | microsoft-teams-24244.507.3118.4732-installer.exe | C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES | text | CCB037945362E0273D399669E89AA502 | E25C4952CEAC901736D941083B54D736E92FE910940F61D271DA8F528D31AF7D
3700 | microsoft-teams-24244.507.3118.4732-installer_Ge30b-2.tmp | C:\Users\admin\AppData\Local\Temp\is-25T0B.tmp\Y.png | image | C199687E52F7393C941A143B45D78207 | 0EB767424750B6F8C22AE5EBB105C5C37B3A047EED986FFA6DEBA53EFDC2142E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 56
DNS requests: 88
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
5488 | MoUsoCoreWorker.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5600 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
4360 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
3600 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
4360 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
6472 | SIHClient.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6472 | SIHClient.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
6944 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4360 | SearchApp.exe | 2.23.209.161:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
| | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 | MoUsoCoreWorker.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5488 | MoUsoCoreWorker.exe | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
4020 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
816 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5600 | svchost.exe | 20.190.160.17:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
www.bing.com | 2.23.209.161, 2.23.209.182, 2.23.209.177, 2.23.209.175, 2.23.209.158, 2.23.209.160, 2.23.209.179, 2.23.209.176, 2.23.209.162, 2.23.209.143, 2.23.209.154, 2.23.209.192, 2.23.209.136, 2.23.209.150, 2.23.209.139, 2.23.209.148, 2.23.209.131, 2.23.209.142, 2.23.209.149, 2.23.209.135, 2.23.209.140, 2.23.209.144, 2.23.209.133, 2.23.209.156 | whitelisted
google.com | 142.250.184.206 | whitelisted
crl.microsoft.com | 2.16.164.9, 2.16.164.49 | whitelisted
www.microsoft.com | 23.32.185.131, 23.52.120.96 | whitelisted
login.live.com | 20.190.160.17, 40.126.32.134, 40.126.32.72, 20.190.160.14, 40.126.32.68, 40.126.32.140, 40.126.32.133, 40.126.32.138 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
th.bing.com | 2.23.209.142, 2.23.209.131, 2.23.209.132, 2.23.209.187, 2.23.209.136, 2.23.209.140, 2.23.209.143, 2.23.209.185, 2.23.209.192, 2.23.209.148, 2.23.209.149, 2.23.209.135, 2.23.209.144, 2.23.209.133 | whitelisted
go.microsoft.com | 184.28.89.167 | whitelisted
d69gcyt8k9bu2.cloudfront.net | 65.9.7.228, 65.9.7.85, 65.9.7.45, 65.9.7.98 | whitelisted

Threats

No threats detected
Process | Message
Update.exe | Update.exe Information: 0 :
Update.exe | Starting TelemetryManager constructor
Update.exe | Update.exe Information: 0 :
Update.exe | TelemetryManagerImpl creation started
Update.exe | Update.exe Information: 0 :
Update.exe | Performance counters are disabled. Skipping creation of counters category.
Update.exe | RecordBatcherTask with ID 4 started.
Update.exe | Update.exe Information: 0 :
Update.exe | SendTask with ID 6 started
Update.exe | Ending TelemetryManager constructor