File name:

MPC-HC.1.9.17.x86.zip

Full analysis: https://app.any.run/tasks/d1542fd2-3122-4c87-9ccd-4adb7f1b600c
Verdict: Malicious activity
Analysis date: May 31, 2024, 23:10:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

1AD8147DDED44255511CEB6374A90547

SHA1:

809E99FC0C0666467D85C3989A863E6CB386AA8B

SHA256:

178CB35F7B4F3C48F7B1F1929277976FEE01D1230F3D1CEE0FEE0727B550E239

SSDEEP:

196608:+Q9635FYyIChhXe4TEwUbYl+alumhevKhsoFI7T:Z963oYPJ2Yl+alumhevKhLe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3980)
      • MPC-HC.1.9.17.x86.exe (PID: 588)
      • MPC-HC.1.9.17.x86.tmp (PID: 1592)

  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • MPC-HC.1.9.17.x86.tmp (PID: 1592)

    • Executable content was dropped or overwritten

      • MPC-HC.1.9.17.x86.tmp (PID: 1592)
      • MPC-HC.1.9.17.x86.exe (PID: 588)

    • Process drops legitimate windows executable

      • MPC-HC.1.9.17.x86.tmp (PID: 1592)

    • Reads security settings of Internet Explorer

      • mpc-hc.exe (PID: 2332)

    • Checks Windows Trust Settings

      • mpc-hc.exe (PID: 2332)

    • Reads the Internet Settings

      • mpc-hc.exe (PID: 2332)

    • Reads settings of System Certificates

      • mpc-hc.exe (PID: 2332)

    • Adds/modifies Windows certificates

      • mpc-hc.exe (PID: 2332)

  • INFO

    • Checks supported languages

      • MPC-HC.1.9.17.x86.tmp (PID: 1592)
      • MPC-HC.1.9.17.x86.exe (PID: 588)
      • mpc-hc.exe (PID: 2332)
      • wmpnscfg.exe (PID: 2408)

    • Creates a software uninstall entry

      • MPC-HC.1.9.17.x86.tmp (PID: 1592)

    • Create files in a temporary directory

      • MPC-HC.1.9.17.x86.exe (PID: 588)

    • Reads the computer name

      • MPC-HC.1.9.17.x86.tmp (PID: 1592)
      • mpc-hc.exe (PID: 2332)
      • wmpnscfg.exe (PID: 2408)

    • Manual execution by a user

      • mpc-hc.exe (PID: 2332)
      • wmpnscfg.exe (PID: 2408)
      • msedge.exe (PID: 2436)
      • MPC-HC.1.9.17.x86.exe (PID: 588)

    • Creates files in the program directory

      • MPC-HC.1.9.17.x86.tmp (PID: 1592)

    • Reads the machine GUID from the registry

      • mpc-hc.exe (PID: 2332)

    • Checks proxy server information

      • mpc-hc.exe (PID: 2332)

    • Creates files or folders in the user directory

      • mpc-hc.exe (PID: 2332)

    • Application launched itself

      • msedge.exe (PID: 2436)
      • msedge.exe (PID: 2076)

    • Reads the software policy settings

      • mpc-hc.exe (PID: 2332)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3980)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:05:31 23:05:30
ZipCRC: 0xf0c38927
ZipCompressedSize: 16495404
ZipUncompressedSize: 16578170
ZipFileName: MPC-HC.1.9.17.x86.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
69
Monitored processes
27
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe mpc-hc.1.9.17.x86.exe mpc-hc.1.9.17.x86.tmp mpc-hc.exe wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
588"C:\Users\admin\Desktop\MPC-HC.1.9.17.x86.exe" C:\Users\admin\Desktop\MPC-HC.1.9.17.x86.exe
explorer.exe
User:
admin
Company:
MPC-HC Team
Integrity Level:
HIGH
Description:
MPC-HC Setup
Exit code:
0
Version:
1.9.17
Modules
Images
c:\users\admin\desktop\mpc-hc.1.9.17.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
676"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6d80f598,0x6d80f5a8,0x6d80f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1288"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1288 --field-trial-handle=1304,i,2979531273083425850,4302427829918908524,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1592"C:\Users\admin\AppData\Local\Temp\is-F5M1J.tmp\MPC-HC.1.9.17.x86.tmp" /SL5="$50134,15961431,185856,C:\Users\admin\Desktop\MPC-HC.1.9.17.x86.exe" C:\Users\admin\AppData\Local\Temp\is-F5M1J.tmp\MPC-HC.1.9.17.x86.tmp
MPC-HC.1.9.17.x86.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-f5m1j.tmp\mpc-hc.1.9.17.x86.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2076"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/clsid2/mpc-hc/releasesC:\Program Files\Microsoft\Edge\Application\msedge.exempc-hc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2332"C:\Program Files\MPC-HC\mpc-hc.exe" C:\Program Files\MPC-HC\mpc-hc.exe
explorer.exe
User:
admin
Company:
MPC-HC Team
Integrity Level:
HIGH
Description:
MPC-HC
Version:
1.9.17 (e234dbf8c)
Modules
Images
c:\program files\mpc-hc\mpc-hc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2384"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6d80f598,0x6d80f5a8,0x6d80f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2408"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2420"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1256 --field-trial-handle=1304,i,2979531273083425850,4302427829918908524,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2436"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate https://github.com/clsid2/mpc-hc/releasesC:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
16 066
Read events
15 859
Write events
173
Delete events
34

Modification events

(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3980) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\MPC-HC.1.9.17.x86.zip
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3980) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
130
Suspicious files
188
Text files
145
Unknown types
7

Dropped files

PID
Process
Filename
Type
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\Lang\mpcresources.bg.dllexecutable
MD5:A6838D1B5CFDFB73738876D7962C6BE2
SHA256:C63CDB30570FA69D8E06596428E4C4FE756318683C93E7624C5B2671CC16F1D6
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\Lang\is-48Q37.tmpexecutable
MD5:A6838D1B5CFDFB73738876D7962C6BE2
SHA256:C63CDB30570FA69D8E06596428E4C4FE756318683C93E7624C5B2671CC16F1D6
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\unins000.exeexecutable
MD5:06D9DDA9ACCAF3547FE2AF8DFFA78DB6
SHA256:0C9450BD6206AFB130019E262988A97AD2F7C521D74B13D65BE55B69F8D48228
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\Lang\mpcresources.bn.dllexecutable
MD5:DED3022D365E453806B09E2E50DAD82F
SHA256:08994A6D1A5EC3CF15AE82422634F52E5A64DE658217C74E1A70B3D8945C0D8C
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\Lang\mpcresources.ca.dllexecutable
MD5:9C5A3717FDD3F08885DFC1950A0EC426
SHA256:7D666777DC845E26CBCA35A26D61C992759AEFD8BD82EDFE73F2293D0ACEF545
3980WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3980.34661\MPC-HC.1.9.17.x86.exeexecutable
MD5:6F2F000540DA5CFCD397E3145478BFBE
SHA256:7AC4FA39624B4BA669CD5EF43CBDD85DBAE43169ED3496D395E7C9C43EF75FD3
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\mpc-hc.exeexecutable
MD5:0F635AAAA77DBEE232CEF5D841CE18A2
SHA256:718AA0479229A343FDD843EA3F7EA4E74BB89287EA75D973D4E67C23C303579C
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\Lang\mpcresources.be.dllexecutable
MD5:BDF9B7CFDE158DCC44F16AB295224882
SHA256:FE58B8E03D0CA47D699305582B7C45C036459C032DDC20FA1446BA28BE37176E
1592MPC-HC.1.9.17.x86.tmpC:\Program Files\MPC-HC\Lang\mpcresources.da.dllexecutable
MD5:1AA51EDC6A5B3329448D928053306D4A
SHA256:0156D38C240E2C67B1E531DE4D256D01B8893A0F2031914012B3A985B39DB26C
588MPC-HC.1.9.17.x86.exeC:\Users\admin\AppData\Local\Temp\is-F5M1J.tmp\MPC-HC.1.9.17.x86.tmpexecutable
MD5:97E8309859A8F2E96633F3ABAD8727F0
SHA256:90DF18EB06D199C583544F179B1BB466A6FD59736D4B0DBAC35C8DD3FBA9A425
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
31
DNS requests
35
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2332
mpc-hc.exe
GET
304
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?11656d647f07d71a
unknown
unknown
2332
mpc-hc.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D
unknown
unknown
2332
mpc-hc.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPlNxcMEqnlIVyH5VuZ4lawhZX3QQU9oUKOxGG4QR9DqoLLNLuzGR7e64CEE4o94a2bBo7lCzSxA63QqU%3D
unknown
unknown
2332
mpc-hc.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd
unknown
unknown
2332
mpc-hc.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
unknown
224.0.0.252:5355
unknown
2332
mpc-hc.exe
140.82.121.3:443
github.com
GITHUB
US
unknown
2332
mpc-hc.exe
199.232.210.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
2332
mpc-hc.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
shared
2332
mpc-hc.exe
172.64.149.23:80
ocsp.comodoca.com
CLOUDFLARENET
US
unknown
2332
mpc-hc.exe
185.199.109.133:443
raw.githubusercontent.com
FASTLY
US
unknown
2332
mpc-hc.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2436
msedge.exe
239.255.255.250:1900
unknown

DNS requests

Domain
IP
Reputation
github.com
  • 140.82.121.3
shared
ctldl.windowsupdate.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.usertrust.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.sectigo.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
raw.githubusercontent.com
  • 185.199.109.133
  • 185.199.108.133
  • 185.199.111.133
  • 185.199.110.133
shared
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
github.githubassets.com
  • 185.199.110.154
  • 185.199.108.154
  • 185.199.109.154
  • 185.199.111.154
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MPC-HC.1.9.17.x86.zip