File name: quickbfc.exe
Full analysis: https://app.any.run/tasks/25c13ae3-af67-4f33-a49a-5e6166fc1d01
Verdict: Malicious activity
Analysis date: May 18, 2025, 10:08:31
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: inno, installer, delphi, auto-download
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 3D7D7F7B06125A8AF45719679F3FB294
SHA1: 8ED79E35F210559E4EB09BD50102AAD24BA9AD25
SHA256: 1F35183665A14EFFEBB52B8957959A2EF9A353DC0CA3257F42A002096C82805F
SSDEEP: 98304:9+cD4dnwqkKEZ69znJ1YM94LfHCSMgdk3p2tKhe1Pb6Bda7pzos7682GvA4Mx7OC:a6q7mYiIJGoiHjFBsH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • quickbfc.exe (PID: 6068)
      • quickbfc.tmp (PID: 5280)
    • Reads the Windows owner or organization settings

      • quickbfc.tmp (PID: 5280)
    • Reads security settings of Internet Explorer

      • quickbfc.tmp (PID: 5280)
    • There is functionality for taking screenshot (YARA)

      • quickbfc.exe (PID: 1388)
  • INFO

    • Create files in a temporary directory

      • quickbfc.exe (PID: 6068)
      • quickbfc.tmp (PID: 5280)
    • Checks supported languages

      • quickbfc.exe (PID: 6068)
      • quickbfc.tmp (PID: 5280)
      • quickbfc.exe (PID: 1388)
      • identity_helper.exe (PID: 7740)
    • Compiled with Borland Delphi (YARA)

      • quickbfc.exe (PID: 6068)
      • quickbfc.tmp (PID: 5280)
      • quickbfc.exe (PID: 1388)
    • Reads the computer name

      • quickbfc.tmp (PID: 5280)
      • quickbfc.exe (PID: 1388)
      • identity_helper.exe (PID: 7740)
    • Detects InnoSetup installer (YARA)

      • quickbfc.exe (PID: 6068)
      • quickbfc.tmp (PID: 5280)
    • Creates files or folders in the user directory

      • quickbfc.tmp (PID: 5280)
    • The sample compiled with English language support

      • quickbfc.tmp (PID: 5280)
    • Creates a software uninstall entry

      • quickbfc.tmp (PID: 5280)
    • The sample compiled with Russian language support

      • quickbfc.tmp (PID: 5280)
    • Local mutex for internet shortcut management

      • quickbfc.tmp (PID: 5280)
    • Checks proxy server information

      • quickbfc.tmp (PID: 5280)
      • slui.exe (PID: 8160)
    • Auto-launch of the file from Downloads directory

      • msedge.exe (PID: 7984)
      • msedge.exe (PID: 2552)
    • Application launched itself

      • msedge.exe (PID: 2552)
    • Reads Environment values

      • identity_helper.exe (PID: 7740)
    • Reads the machine GUID from the registry

      • quickbfc.exe (PID: 1388)
    • Manual execution by a user

      • msedge.exe (PID: 8092)
      • OpenWith.exe (PID: 4572)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 2552)
    • Reads the software policy settings

      • slui.exe (PID: 8160)
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 76800
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 5.4.0.5
ProductVersionNumber: 5.4.0.5
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: AbyssMedia.com
FileDescription: Quick Batch File Compiler Setup
FileVersion: 5.4.0.5
LegalCopyright: Copyright © 2001-2024 by AbyssMedia.com
OriginalFileName:
ProductName: Quick Batch File Compiler
ProductVersion: 5.4.0.5
Total processes: 179
Monitored processes: 47
Malicious processes: 0
Suspicious processes: 2


Process information

PID
CMD
Path
Indicators
Parent process
PID: 632
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2408,i,18050869023549161715,2535284650720327501,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 668
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x320,0x324,0x328,0x314,0x330,0x7ffc896f5fd8,0x7ffc896f5fe4,0x7ffc896f5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1040
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=2408,i,18050869023549161715,2535284650720327501,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1388
CMD: "C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\quickbfc.exe"
Path: C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\quickbfc.exe
Parent process: quickbfc.tmp
User:
admin
Company:
Abyss Media Company
Integrity Level:
MEDIUM
Description:
Quick Batch File Compiler
Version:
5.4.0.5
Modules
Images
c:\users\admin\appdata\local\programs\abyssmedia\quick batch file compiler\quickbfc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2340
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4356 --field-trial-handle=2408,i,18050869023549161715,2535284650720327501,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2344
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2404 --field-trial-handle=2408,i,18050869023549161715,2535284650720327501,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2552
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.abyssmedia.com/quickbfc/
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: quickbfc.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3024
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7024 --field-trial-handle=2408,i,18050869023549161715,2535284650720327501,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4572
CMD: "C:\WINDOWS\System32\OpenWith.exe" "C:\Users\admin\Downloads\wavecut (1).exe:Zone.Identifier"
Path: C:\Windows\System32\OpenWith.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147942487
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4728
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2676 --field-trial-handle=2408,i,18050869023549161715,2535284650720327501,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 10 227
Read events: 10 151
Write events: 76
Delete events: 0

Modification events

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.2

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Abyssmedia\Quick Batch File Compiler

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Setup Type
Value: full

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Selected Components
Value: main,help

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Deselected Components
Value: (empty)

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon

(PID) Process: (5280) quickbfc.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value: (empty)
Executable files: 24
Suspicious files: 154
Text files: 34
Unknown types: 1

Dropped files

PID | Process | Filename | Type
6068 | quickbfc.exe | C:\Users\admin\AppData\Local\Temp\is-01V2J.tmp\quickbfc.tmp | executable
  MD5: D3534848368B3B8CF46AB8788066D116
  SHA256: 9F291A34F1D4F04589CE5FC0D2CD0F3CBC61EED9908E5D738E8DD53064CA3BC9
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\is-NRPMU.tmp | executable
  MD5: C75FAF974CF48C2695A63CF4F4A9F8CC
  SHA256: FFE749C16F22DB4489B717D50493625B39ED90DD32E248143B910B619B8BCB97
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\quickbfc.exe | executable
  MD5: C75FAF974CF48C2695A63CF4F4A9F8CC
  SHA256: FFE749C16F22DB4489B717D50493625B39ED90DD32E248143B910B619B8BCB97
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\is-HR11D.tmp | binary
  MD5: B9B937BBFB7524FB9ACE315571BA19B7
  SHA256: 72DC29A54A046F433EB96270E4E41206198857CAFA5E00B250069B3C9779EBE5
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\is-PU3OV.tmp | binary
  MD5: 1BA84CB29E559B34BDAAD6C1F246F86E
  SHA256: 2E52063904FC4F5DE0D2832A3A58304A05EA079BD8289102155ED1D3D989481A
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\is-L3QDA.tmp | executable
  MD5: B726E09DB0C4D3FF2EB49FFAE3D9D517
  SHA256: DF0EB61660EB77DB1F2020104FB19445B1638988030700CBD3B4E9F053CE4A6B
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\unins000.exe | executable
  MD5: B726E09DB0C4D3FF2EB49FFAE3D9D517
  SHA256: DF0EB61660EB77DB1F2020104FB19445B1638988030700CBD3B4E9F053CE4A6B
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\quickbfcg.x86 | binary
  MD5: D3C2584275292C2AEF7A413A8FA656DE
  SHA256: 99D89C49305E0FB4034E6CB1C185E597D7F1754B31785A4E14E71C53574B4687
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\is-MRFV3.tmp | binary
  MD5: CFE1E2DEA7B3397DF6D388E227093310
  SHA256: 74B08F6353180F11EE9E2A936A3E1A56208B75EA07CE9EEF43317838A9D62EED
5280 | quickbfc.tmp | C:\Users\admin\AppData\Local\Programs\Abyssmedia\Quick Batch File Compiler\quickbfcc.x86 | binary
  MD5: B9B937BBFB7524FB9ACE315571BA19B7
  SHA256: 72DC29A54A046F433EB96270E4E41206198857CAFA5E00B250069B3C9779EBE5
HTTP(S) requests: 27
TCP/UDP connections: 137
DNS requests: 64
Threats: 10

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2104 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
4380 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2104 | svchost.exe | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4380 | RUXIMICS.exe | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1228 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | - | - | whitelisted
1228 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
1228 | SIHClient.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | - | - | whitelisted
1228 | SIHClient.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | - | - | whitelisted
1228 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | unknown | - | - | whitelisted
1228 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4380 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
2104 | svchost.exe | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
4380 | RUXIMICS.exe | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
2104 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4380 | RUXIMICS.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
6544 | svchost.exe | 40.126.32.72:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
  • 23.216.77.28
  • 23.216.77.6
  • 23.216.77.38
  • 23.216.77.8
  • 23.216.77.22
  • 23.216.77.36
  • 23.216.77.25
  • 23.216.77.42
  • 23.216.77.18
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 184.30.21.171
whitelisted
login.live.com
  • 40.126.32.72
  • 20.190.160.130
  • 20.190.160.65
  • 20.190.160.2
  • 40.126.32.76
  • 20.190.160.132
  • 20.190.160.4
  • 20.190.160.66
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted

Threats

PID | Process | Class | Message
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4728 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
- | - | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
4728 | msedge.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt