File name: UltraSearch-Setup.exe

Full analysis: https://app.any.run/tasks/063f0c26-a9ef-4367-bdb3-caad8cc3e467
Verdict: Malicious activity
Analysis date: May 16, 2025, 20:11:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer, auto-startup
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: B26D0F9227D869C7DD4B2DE138313192
SHA1: C4FEC320A907154115C946D340745E3F92446B07
SHA256: 240F91F6AD0457390B477AB23C4A2CAC077B0AA816D2020C76D140647ABD4430
SSDEEP: 98304:Mrq3Bdwen2yFS/qoM0YpdJH/tc+gM8+3YXw80N+d91AjdJCSJE/S2JU2CaoM+vio:uO1P6oLMqzLlPZVKR0wn0tZcXMncClzR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes Windows Defender settings

      • UltraSearch-Setup.tmp (PID: 7052)
      • powershell.exe (PID: 6768)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 6768)
      • powershell.exe (PID: 5384)
    • Adds process to the Windows Defender exclusion list

      • UltraSearch-Setup.tmp (PID: 7052)
      • powershell.exe (PID: 6768)
    • Changes powershell execution policy (Bypass)

      • powershell.exe (PID: 6768)
      • UltraSearch-Setup.tmp (PID: 7052)
    • Create files in the Startup directory

      • UltraSearch.exe (PID: 900)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • UltraSearch-Setup.exe (PID: 1280)
      • UltraSearch-Setup.exe (PID: 1452)
      • UltraSearch-Setup.tmp (PID: 7052)
    • Reads security settings of Internet Explorer

      • UltraSearch-Setup.tmp (PID: 4988)
      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 900)
      • UltraSearch.exe (PID: 2240)
    • Reads the Windows owner or organization settings

      • UltraSearch-Setup.tmp (PID: 7052)
    • Process drops legitimate windows executable

      • UltraSearch-Setup.tmp (PID: 7052)
    • Starts POWERSHELL.EXE for commands execution

      • UltraSearch-Setup.tmp (PID: 7052)
      • powershell.exe (PID: 6768)
    • Starts process via Powershell

      • powershell.exe (PID: 6768)
    • The process bypasses the loading of PowerShell profile settings

      • powershell.exe (PID: 6768)
    • Script adds exclusion process to Windows Defender

      • UltraSearch-Setup.tmp (PID: 7052)
      • powershell.exe (PID: 6768)
    • Application launched itself

      • powershell.exe (PID: 6768)
    • Adds/modifies Windows certificates

      • UltraSearch.exe (PID: 5756)
      • powershell.exe (PID: 5384)
    • Reads Internet Explorer settings

      • hh.exe (PID: 2984)
    • Reads Microsoft Outlook installation path

      • hh.exe (PID: 2984)
    • There is functionality for communication over UDP network (YARA)

      • UltraSearch.exe (PID: 2240)
    • There is functionality for taking screenshot (YARA)

      • UltraSearch.exe (PID: 2240)
  • INFO

    • Checks supported languages

      • UltraSearch-Setup.exe (PID: 1280)
      • UltraSearch-Setup.tmp (PID: 4988)
      • UltraSearch-Setup.exe (PID: 1452)
      • UltraSearch-Setup.tmp (PID: 7052)
      • LicenseManager.exe (PID: 3240)
      • LicenseManager.exe (PID: 3268)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 900)
      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 2240)
    • Create files in a temporary directory

      • UltraSearch-Setup.exe (PID: 1280)
      • UltraSearch-Setup.exe (PID: 1452)
      • UltraSearch-Setup.tmp (PID: 7052)
      • LicenseManager.exe (PID: 3240)
      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 900)
      • hh.exe (PID: 2984)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 2240)
    • Reads the computer name

      • UltraSearch-Setup.tmp (PID: 4988)
      • UltraSearch-Setup.exe (PID: 1452)
      • UltraSearch-Setup.tmp (PID: 7052)
      • LicenseManager.exe (PID: 3240)
      • LicenseManager.exe (PID: 3268)
      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 900)
      • UltraSearch.exe (PID: 2240)
    • Process checks computer location settings

      • UltraSearch-Setup.tmp (PID: 4988)
    • Compiled with Borland Delphi (YARA)

      • UltraSearch-Setup.exe (PID: 1452)
      • UltraSearch-Setup.tmp (PID: 7052)
      • UltraSearch-Setup.exe (PID: 1280)
      • UltraSearch-Setup.tmp (PID: 4988)
      • UltraSearch.exe (PID: 2240)
    • Reads the machine GUID from the registry

      • LicenseManager.exe (PID: 3240)
      • LicenseManager.exe (PID: 3268)
      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 900)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 2240)
    • Detects InnoSetup installer (YARA)

      • UltraSearch-Setup.exe (PID: 1452)
      • UltraSearch-Setup.tmp (PID: 7052)
      • UltraSearch-Setup.exe (PID: 1280)
      • UltraSearch-Setup.tmp (PID: 4988)
    • Creates files in the program directory

      • LicenseManager.exe (PID: 3240)
      • UltraSearch-Setup.tmp (PID: 7052)
    • Reads Environment values

      • UltraSearch-Setup.tmp (PID: 7052)
      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 900)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 2240)
    • The sample compiled with english language support

      • UltraSearch-Setup.tmp (PID: 7052)
    • Reads CPU info

      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 900)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 2240)
    • Reads the software policy settings

      • UltraSearch.exe (PID: 5756)
      • UltraSearch.exe (PID: 900)
      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 4784)
      • UltraSearch.exe (PID: 2240)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 5384)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 5384)
    • Creates a software uninstall entry

      • UltraSearch-Setup.tmp (PID: 7052)
    • Creates files or folders in the user directory

      • UltraSearch.exe (PID: 1088)
      • UltraSearch.exe (PID: 900)
      • hh.exe (PID: 2984)
    • Auto-launch of the file from Startup directory

      • UltraSearch.exe (PID: 900)
    • Reads security settings of Internet Explorer

      • hh.exe (PID: 2984)
    • Checks proxy server information

      • hh.exe (PID: 2984)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:28 08:29:25+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 685056
InitializedDataSize: 115712
UninitializedDataSize: -
EntryPoint: 0xa83bc
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 4.7.0.1164
ProductVersionNumber: 4.7.0.1164
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: JAM Software
FileDescription: UltraSearch Setup
FileVersion: 4.7.0.1164
LegalCopyright: © 1996-2025 by Joachim Marder e.K.
OriginalFileName:
ProductName: UltraSearch
ProductVersion: 4.7
No data.
All screenshots are available in the full report
Total processes: 143
Monitored processes: 16
Malicious processes: 5
Suspicious processes: 2

Behavior graph

start ultrasearch-setup.exe ultrasearch-setup.tmp no specs ultrasearch-setup.exe ultrasearch-setup.tmp licensemanager.exe no specs licensemanager.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs ultrasearch.exe no specs ultrasearch.exe no specs ultrasearch.exe ultrasearch.exe no specs ultrasearch.exe no specs hh.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 900
CMD: "C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe" /NOGUI /NOTRAY /INSTALL /INSTALL_AUTOSTART /INSTALL_CONTEXTMENU
Path: C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
JAM Software
Integrity Level:
MEDIUM
Description:
UltraSearch - Your Ultimate Tool For Ultra-Fast File Search
Exit code:
0
Version:
4.7.0.1164
Modules
Images
c:\program files\jam software\ultrasearch\ultrasearch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 1088
CMD: "C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe" /NOGUI /NOTRAY /INSTALL /REGISTERPACKAGE /SAVESETTINGS /Language "en"
Path: C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
JAM Software
Integrity Level:
HIGH
Description:
UltraSearch - Your Ultimate Tool For Ultra-Fast File Search
Exit code:
0
Version:
4.7.0.1164
Modules
Images
c:\program files\jam software\ultrasearch\ultrasearch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 1280
CMD: "C:\Users\admin\Desktop\UltraSearch-Setup.exe"
Path: C:\Users\admin\Desktop\UltraSearch-Setup.exe
Parent process: explorer.exe
User:
admin
Company:
JAM Software
Integrity Level:
MEDIUM
Description:
UltraSearch Setup
Exit code:
0
Version:
4.7.0.1164
Modules
Images
c:\users\admin\desktop\ultrasearch-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 1452
CMD: "C:\Users\admin\Desktop\UltraSearch-Setup.exe" /SPAWNWND=$4028A /NOTIFYWND=$80350
Path: C:\Users\admin\Desktop\UltraSearch-Setup.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
JAM Software
Integrity Level:
HIGH
Description:
UltraSearch Setup
Exit code:
0
Version:
4.7.0.1164
Modules
Images
c:\users\admin\desktop\ultrasearch-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 2240
CMD: "C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe"
Path: C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
JAM Software
Integrity Level:
MEDIUM
Description:
UltraSearch - Your Ultimate Tool For Ultra-Fast File Search
Version:
4.7.0.1164
Modules
Images
c:\program files\jam software\ultrasearch\ultrasearch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
PID: 2984
CMD: "C:\WINDOWS\hh.exe" C:\Program Files\JAM Software\UltraSearch\UltraSearch.chm
Path: C:\Windows\hh.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft® HTML Help Executable
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\hh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3240
CMD: "C:\Users\admin\AppData\Local\Temp\is-4HNSS.tmp\LicenseManager.exe" license install --language en --useInnoSetupStyleDialog --dialogTitle " Setup - UltraSearch V4.7" --parentWindowIdentifier 459482 --suppressDialogs
Path: C:\Users\admin\AppData\Local\Temp\is-4HNSS.tmp\LicenseManager.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
JAM Software
Integrity Level:
HIGH
Description:
LicenseManager
Exit code:
0
Version:
5.1.2.173
Modules
Images
c:\users\admin\appdata\local\temp\is-4hnss.tmp\licensemanager.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3268
CMD: "C:\Users\admin\AppData\Local\Temp\is-4HNSS.tmp\LicenseManager.exe" license getType
Path: C:\Users\admin\AppData\Local\Temp\is-4HNSS.tmp\LicenseManager.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
JAM Software
Integrity Level:
HIGH
Description:
LicenseManager
Exit code:
0
Version:
5.1.2.173
Modules
Images
c:\users\admin\appdata\local\temp\is-4hnss.tmp\licensemanager.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3304
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4784
CMD: "C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe" /NOGUI /NOTRAY /INSTALL /SL5="$6034A,19691664,801792,C:\Users\admin\Desktop\UltraSearch-Setup.exe" /SPAWNWND=$4028A /NOTIFYWND=$80350
Path: C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
Parent process: UltraSearch-Setup.tmp
User:
admin
Company:
JAM Software
Integrity Level:
HIGH
Description:
UltraSearch - Your Ultimate Tool For Ultra-Fast File Search
Exit code:
0
Version:
4.7.0.1164
Modules
Images
c:\program files\jam software\ultrasearch\ultrasearch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
Total events: 45 807
Read events: 45 723
Write events: 60
Delete events: 24

Modification events

(PID) Process: (3240) LicenseManager.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Jam.License.Validation
Operation: write
Name: EventMessageFile
Value: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\JAM Software\UltraSearch
Operation: delete value
Name: FullVersion
Value:

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\JAM Software\UltraSearch
Operation: write
Name: FullVersion
Value: 4.7

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CodeGear\Locales
Operation: write
Name: C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
Value: EN

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraSearch_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.3.2

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraSearch_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\JAM Software\UltraSearch

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraSearch_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\JAM Software\UltraSearch\

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraSearch_is1
Operation: write
Name: Inno Setup: Icon Group
Value: UltraSearch

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraSearch_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (7052) UltraSearch-Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraSearch_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon,desktopicon\common,shellcontextmenu,startmenu,autostartentry

Executable files: 22
Suspicious files: 16
Text files: 46
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-4HNSS.tmp\LicenseManager.exe
Type: executable
MD5:967F81A2450F13F969255DD50C0AEBAA
SHA256:ECFCCAD10FA2C0567492BB20FFDC0E3657F86CDC5AA6572062D5863DBC0AA961
PID: 1452
Process: UltraSearch-Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-4TKPQ.tmp\UltraSearch-Setup.tmp
Type: executable
MD5:89A098BF8393521F810FDDA2929B7F81
SHA256:EFA01C87B67B861743FB2C07ED751E98EC2A1B734519DD73A05B729D15D62D2C
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Program Files\JAM Software\UltraSearch\is-RN63S.tmp
Type: executable
MD5:967F81A2450F13F969255DD50C0AEBAA
SHA256:ECFCCAD10FA2C0567492BB20FFDC0E3657F86CDC5AA6572062D5863DBC0AA961
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-4HNSS.tmp\_isetup\_setup64.tmp
Type: executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-4HNSS.tmp\LicenseManager.exe.config
Type: xml
MD5:EC0F31F8AF93BE5DB09EA45749E1A58B
SHA256:CF7AFF47F8F455A7AD8AA0A608DDBAB0225CF4BD3B26FEB0511C57E80F51B19D
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Program Files\JAM Software\UltraSearch\LicenseFiles\Inno Setup\is-54ROE.tmp
Type: text
MD5:F960CFC0C8310C487633F5A0B945C987
SHA256:D022EE9A38EA46EA445AD5370EE2B8AC75303D96A6FDBB30F50292F78A04D3D8
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Program Files\JAM Software\UltraSearch\is-1A52A.tmp
Type: executable
MD5:89A098BF8393521F810FDDA2929B7F81
SHA256:EFA01C87B67B861743FB2C07ED751E98EC2A1B734519DD73A05B729D15D62D2C
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Program Files\JAM Software\UltraSearch\unins000.exe
Type: executable
MD5:89A098BF8393521F810FDDA2929B7F81
SHA256:EFA01C87B67B861743FB2C07ED751E98EC2A1B734519DD73A05B729D15D62D2C
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Program Files\JAM Software\UltraSearch\License.rtf
Type: text
MD5:8E037E19ADB723F0440520F750FF2EC3
SHA256:105CBC0948A44C22F00D35E48F97EB79CD4D25C22C3A28CB75FC3D4BD944CBFC
PID: 7052
Process: UltraSearch-Setup.tmp
Filename: C:\Program Files\JAM Software\UltraSearch\LicenseFiles\WindowsFirewallHelper\is-EQQH9.tmp
Type: text
MD5:DC1CBEB991B23714A2F6A18C381EEF12
SHA256:842FB62CC62CC4515612BC67528EE512F4099C53EB7D0E55571A14AAA2F362E0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 23
DNS requests: 7
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.48.23.181:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.168.100.255:137
whitelisted
2104
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
23.48.23.181:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6620
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3304
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 23.48.23.181
  • 23.48.23.169
  • 23.48.23.191
  • 23.48.23.176
  • 23.48.23.190
  • 23.48.23.168
  • 23.48.23.192
  • 23.48.23.183
  • 23.48.23.177
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info