File name:

Premxum's Services.zip

Full analysis: https://app.any.run/tasks/5cbbbe95-1c86-4d17-94ca-dcefd80a7074
Verdict: Malicious activity
Analysis date: June 08, 2025, 13:13:14
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

B55B456935C41F10ACA1C0ED95B36151

SHA1:

D9EB927979E58BB1AF80BC408480AE9940CCCFA4

SHA256:

276FE27C54839E7A95F247D13A181E0E7B38D53972B5B2E7DA796CEFDC674442

SSDEEP:

49152:+TgCqrkUEoUOPXAoYYWd40LEV7zWAIPrUJ/jRrDI9FzM8m67haCP+0zo3cMr+oGY:+TgfrkroUOvA340LC+PrYrRPQFzvmwle

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 780)
      • WinRAR.exe (PID: 6108)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1328)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
      • msiexec.exe (PID: 6880)
    • Reads security settings of Internet Explorer

      • Premxum's Tweaking Utility.exe (PID: 1244)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1328)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
    • Searches for installed software

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
    • Starts itself from another location

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
    • Creates a software uninstall entry

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6880)
    • Executes as Windows Service

      • WmiApSrv.exe (PID: 3100)
    • Process uses IPCONFIG to clear DNS cache

      • Premxum's Tweaking Utility.exe (PID: 7012)
    • Suspicious use of NETSH.EXE

      • Premxum's Tweaking Utility.exe (PID: 7012)
    • The system shut down or reboot

      • Premxum's Tweaking Utility.exe (PID: 7012)
    • Uses powercfg.exe to modify the power settings

      • Premxum's Tweaking Utility.exe (PID: 7012)
  • INFO

    • Manual execution by a user

      • Premxum's Tweaking Utility.exe (PID: 1244)
      • WinRAR.exe (PID: 6108)
    • Reads Microsoft Office registry keys

      • explorer.exe (PID: 5492)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6108)
      • msedge.exe (PID: 4380)
      • msiexec.exe (PID: 6880)
    • Checks supported languages

      • Premxum's Tweaking Utility.exe (PID: 1244)
      • identity_helper.exe (PID: 6700)
      • identity_helper.exe (PID: 5812)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1328)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
      • msiexec.exe (PID: 6880)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 5492)
    • Reads the computer name

      • Premxum's Tweaking Utility.exe (PID: 1244)
      • identity_helper.exe (PID: 6700)
      • identity_helper.exe (PID: 5812)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
      • msiexec.exe (PID: 6880)
    • Application launched itself

      • msedge.exe (PID: 4380)
      • msedge.exe (PID: 6248)
    • Reads Environment values

      • identity_helper.exe (PID: 6700)
      • identity_helper.exe (PID: 5812)
    • Reads the software policy settings

      • explorer.exe (PID: 5492)
    • Checks proxy server information

      • explorer.exe (PID: 5492)
    • Creates files or folders in the user directory

      • explorer.exe (PID: 5492)
    • Create files in a temporary directory

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1328)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
    • The sample compiled with english language support

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1328)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
      • msiexec.exe (PID: 6880)
    • Launching a file from a Registry key

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
    • Creates files in the program directory

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 1812)
      • msiexec.exe (PID: 6880)
    • Process checks computer location settings

      • windowsdesktop-runtime-8.0.16-win-x64.exe (PID: 7888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2025:04:20 23:52:40
ZipCRC: 0xaa28fe33
ZipCompressedSize: 88910
ZipUncompressedSize: 393216
ZipFileName: Premxum's Tweaking Utility.exe
No data.
All screenshots are available in the full report
Total processes
237
Monitored processes
101
Malicious processes
6
Suspicious processes
0

Behavior graph

Process start sequence as shown in the graph (repeated consecutive nodes collapsed; the "no specs" UI markers have been removed):

winrar.exe → sppextcomobj.exe → slui.exe → winrar.exe → rundll32.exe → premxum's tweaking utility.exe → msedge.exe (many child processes, interleaved with identity_helper.exe) → explorer.exe → windowsdesktop-runtime-8.0.16-win-x64.exe (×3) → msiexec.exe (×5) → msedge.exe (×3) → slui.exe → premxum's tweaking utility.exe (×2) → wmiapsrv.exe → ipconfig.exe → conhost.exe → netsh.exe → conhost.exe → netsh.exe → conhost.exe → powercfg.exe / conhost.exe (pair repeated) → msedge.exe (×2) → shutdown.exe → conhost.exe

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 656
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5656 --field-trial-handle=2328,i,9393401729601932672,5439577020100190847,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 660
CMD: "powercfg" /setactive e9a42b02-d5df-448d-aa00-03f14749eb61
Path: C:\Windows\System32\powercfg.exe
Parent process: Premxum's Tweaking Utility.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Power Settings Command-Line Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\powercfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 772
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=7440 --field-trial-handle=2328,i,9393401729601932672,5439577020100190847,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 780
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Premxum's Services.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1244
CMD: "C:\Users\admin\Desktop\Premxum's Services\Premxum's Tweaking Utility.exe"
Path: C:\Users\admin\Desktop\Premxum's Services\Premxum's Tweaking Utility.exe
Parent process: explorer.exe
User:
admin
Company:
Premxum's Services
Integrity Level:
MEDIUM
Description:
Premxum's Tweaking Utility
Exit code:
2147516547
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\premxum's services\premxum's tweaking utility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1328
CMD: "C:\Users\admin\Downloads\windowsdesktop-runtime-8.0.16-win-x64.exe"
Path: C:\Users\admin\Downloads\windowsdesktop-runtime-8.0.16-win-x64.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 8.0.16 (x64)
Exit code:
0
Version:
8.0.16.34817
Modules
Images
c:\users\admin\downloads\windowsdesktop-runtime-8.0.16-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1328
CMD: "powercfg" /setactive e9a42b02-d5df-448d-aa00-03f14749eb61
Path: C:\Windows\System32\powercfg.exe
Parent process: Premxum's Tweaking Utility.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Power Settings Command-Line Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\powercfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 1452
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powercfg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1472
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 04D457D469751CAB25C0E160E0A622FD
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1532
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5736 --field-trial-handle=2328,i,9393401729601932672,5439577020100190847,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
47 382
Read events
45 809
Write events
1 390
Delete events
183

Modification events

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\Premxum's Services.zip

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (780) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation: write
Name: CheckSetting
Value: 23004100430042006C006F00620000000000000000000000010000000000000000000000

(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:0000000000070344
Operation: write
Name: VirtualDesktop
Value: 1000000030304456BFA0DB55E4278845B426357D5B5F97B3
Executable files
503
Suspicious files
371
Text files
75
Unknown types
0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF122f46.TMP | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF122f65.TMP | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG.old~RF122f65.TMP | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG.old | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF122fa3.TMP | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF122f74.TMP | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF122fc3.TMP | | |
4380 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | | |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
67
DNS requests
74
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.26:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7736
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7736
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5492
explorer.exe
GET
200
23.216.77.7:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
8080
svchost.exe
GET
206
2.19.126.155:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d7a84f7e-387a-4575-a6ad-19c144e05ef6?P1=1749697959&P2=404&P3=2&P4=ZZadwhtMoPoOaUiDP7b11Gsm%2b1JxdfWv7k5TTtJcx3DPkszIpD4kVaqXFJ8XKDurUimIRrgFVy3L5qqKe5KeRQ%3d%3d
unknown
whitelisted
8080
svchost.exe
HEAD
200
2.19.126.155:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d7a84f7e-387a-4575-a6ad-19c144e05ef6?P1=1749697959&P2=404&P3=2&P4=ZZadwhtMoPoOaUiDP7b11Gsm%2b1JxdfWv7k5TTtJcx3DPkszIpD4kVaqXFJ8XKDurUimIRrgFVy3L5qqKe5KeRQ%3d%3d
unknown
whitelisted
8080
svchost.exe
GET
206
2.19.126.155:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d7a84f7e-387a-4575-a6ad-19c144e05ef6?P1=1749697959&P2=404&P3=2&P4=ZZadwhtMoPoOaUiDP7b11Gsm%2b1JxdfWv7k5TTtJcx3DPkszIpD4kVaqXFJ8XKDurUimIRrgFVy3L5qqKe5KeRQ%3d%3d
unknown
whitelisted
8080
svchost.exe
GET
206
2.19.126.155:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d7a84f7e-387a-4575-a6ad-19c144e05ef6?P1=1749697959&P2=404&P3=2&P4=ZZadwhtMoPoOaUiDP7b11Gsm%2b1JxdfWv7k5TTtJcx3DPkszIpD4kVaqXFJ8XKDurUimIRrgFVy3L5qqKe5KeRQ%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2800
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.216.77.26:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
2.16.253.202:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
7636
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6544
svchost.exe
20.190.160.132:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.216.77.26
  • 23.216.77.19
  • 23.216.77.29
  • 23.216.77.33
  • 23.216.77.32
  • 23.216.77.20
  • 23.216.77.37
  • 23.216.77.15
  • 23.216.77.28
  • 23.216.77.7
  • 23.216.77.11
  • 23.216.77.42
  • 23.216.77.18
  • 23.216.77.34
  • 23.216.77.4
  • 23.216.77.41
whitelisted
www.microsoft.com
  • 2.16.253.202
whitelisted
google.com
  • 142.250.186.174
whitelisted
login.live.com
  • 20.190.160.132
  • 20.190.160.3
  • 20.190.160.4
  • 20.190.160.130
  • 20.190.160.14
  • 40.126.32.134
  • 20.190.160.64
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
aka.ms
  • 2.20.153.252
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted

Threats

No threats detected
No debug info