File name: NetworkGraphicsSetup.exe

Full analysis: https://app.any.run/tasks/d17e54f7-7304-4b8d-b0e1-e756a51c24b1
Verdict: Malicious activity
Analysis date: February 12, 2026, 20:32:36
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg, nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 7CB1BC28DB043C8310997EA65DD19967
SHA1: 419F51141C8E01DC0A8762EC365C5F62065DC8FD
SHA256: 2B2937DF3E5AE5465058B45DDAF6E46432613FA5AC678D4D64A8DAF0C2F56BFC
SSDEEP: 1572864:TiKfaInw6BTPIWQWy1A82mexe5BRefhrGvdDI:uiaInw6RPIWh8exe5BwfhqvxI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • NetworkGraphicsSetup.exe (PID: 8488)
    • Process drops legitimate windows executable

      • NetworkGraphicsSetup.exe (PID: 8488)
    • Starts CMD.EXE for commands execution

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
    • Starts application with an unusual extension

      • cmd.exe (PID: 7360)
      • cmd.exe (PID: 8356)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • NetworkGraphicsSetup.exe (PID: 8488)
    • Executable content was dropped or overwritten

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
      • NetworkGraphicsSetup.exe (PID: 8488)
    • Application launched itself

      • Network Graphics.exe (PID: 6352)
    • Drops 7-zip archiver for unpacking

      • NetworkGraphicsSetup.exe (PID: 8488)
  • INFO

    • Checks supported languages

      • NetworkGraphicsSetup.exe (PID: 8488)
      • Network Graphics.exe (PID: 6352)
      • chcp.com (PID: 8156)
      • Network Graphics.exe (PID: 3036)
      • Network Graphics.exe (PID: 1784)
      • chcp.com (PID: 8684)
      • Network Graphics.exe (PID: 4724)
    • The sample compiled with english language support

      • NetworkGraphicsSetup.exe (PID: 8488)
    • Creates a software uninstall entry

      • NetworkGraphicsSetup.exe (PID: 8488)
    • Creates files or folders in the user directory

      • NetworkGraphicsSetup.exe (PID: 8488)
      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 3036)
    • Reads Environment values

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
    • Manual execution by a user

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
    • Reads product name

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
    • Drops script file

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
      • NetworkGraphicsSetup.exe (PID: 8488)
    • Reads the computer name

      • NetworkGraphicsSetup.exe (PID: 8488)
      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 3036)
    • Create files in a temporary directory

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
      • NetworkGraphicsSetup.exe (PID: 8488)
    • Launching a file from a Registry key

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 1784)
    • Checks proxy server information

      • Network Graphics.exe (PID: 6352)
      • slui.exe (PID: 3376)
    • Process checks computer location settings

      • Network Graphics.exe (PID: 6352)
      • Network Graphics.exe (PID: 4724)
    • Reads the machine GUID from the registry

      • Network Graphics.exe (PID: 6352)
    • Changes the display of characters in the console

      • cmd.exe (PID: 7360)
      • cmd.exe (PID: 8356)
    • Node.js compiler has been detected

      • Network Graphics.exe (PID: 6352)
    • There is functionality for taking screenshot (YARA)

      • Network Graphics.exe (PID: 6352)
    • Reads security settings of Internet Explorer

      • NetworkGraphicsSetup.exe (PID: 8488)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.0.44.0
ProductVersionNumber: 4.0.44.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Network Group
FileDescription: Mods, graphics, skins and optimization for the GTA 5 RP in one app
FileVersion: 4.0.44
LegalCopyright: Copyright © 2026 Network Group
ProductName: Network Graphics
ProductVersion: 4.0.44
No data.
Total processes: 147
Monitored processes: 12
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Process nodes, in graph order from start: networkgraphicssetup.exe; network graphics.exe; cmd.exe (no specs); conhost.exe (no specs); chcp.com (no specs); network graphics.exe (no specs); network graphics.exe (no specs); network graphics.exe; cmd.exe (no specs); conhost.exe (no specs); chcp.com (no specs); slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1784
CMD: "C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe" --autostart
Path: C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe
Parent process: explorer.exe
User: admin
Company: Network Group
Integrity Level: MEDIUM
Description: Network Graphics
Exit code: 0
Version: 4.0.44
Modules
Images
c:\users\admin\appdata\local\network graphics\network graphics.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\users\admin\appdata\local\network graphics\ffmpeg.dll
c:\windows\system32\combase.dll
c:\windows\system32\dbghelp.dll
PID: 3036
CMD: "C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --user-data-dir="C:\Users\admin\AppData\Roaming\Network Graphics" --field-trial-handle=2156,i,13125000219756517161,16687321841603192215,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:3
Path: C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe
Parent process: Network Graphics.exe
User: admin
Company: Network Group
Integrity Level: MEDIUM
Description: Network Graphics
Version: 4.0.44
Modules
Images
c:\users\admin\appdata\local\network graphics\network graphics.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\users\admin\appdata\local\network graphics\ffmpeg.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\dbghelp.dll
PID: 3376
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4724
CMD: "C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Network Graphics" --app-user-model-id="electron.app.Network Graphics" --app-path="C:\Users\admin\AppData\Local\Network Graphics\resources\app.asar" --no-sandbox --no-zygote --disable-breakpad --disable-lcd-text --js-flags=--expose-gc --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-zero-copy --disable-partial-raster --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2572,i,13125000219756517161,16687321841603192215,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:1
Path: C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe
Parent process: Network Graphics.exe
User: admin
Company: Network Group
Integrity Level: MEDIUM
Description: Network Graphics
Version: 4.0.44
Modules
Images
c:\users\admin\appdata\local\network graphics\network graphics.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6352
CMD: "C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe"
Path: C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe
Parent process: explorer.exe
User: admin
Company: Network Group
Integrity Level: MEDIUM
Description: Network Graphics
Version: 4.0.44
Modules
Images
c:\users\admin\appdata\local\network graphics\network graphics.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\dbghelp.dll
PID: 7360
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "chcp"
Path: C:\Windows\System32\cmd.exe
Parent process: Network Graphics.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 8044
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 8156
CMD: chcp
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Change CodePage Utility
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 8240
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 8356
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "chcp"
Path: C:\Windows\System32\cmd.exe
Parent process: Network Graphics.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
Total events: 5 947
Read events: 5 909
Write events: 18
Delete events: 20

Modification events

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Network Graphics

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: KeepShortcuts
Value: true

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 139

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: ShortcutName
Value: Network Graphics

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: DisplayName
Value: Network Graphics 4.0.44

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Network Graphics\Uninstall Network Graphics.exe" /currentuser

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Network Graphics\Uninstall Network Graphics.exe" /currentuser /S

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: DisplayVersion
Value: 4.0.44

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Network Graphics\Network Graphics.exe,0

(PID) Process: (8488) NetworkGraphicsSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc2e0712-968d-5a14-b2cc-fde1a0582edf
Operation: write
Name: Publisher
Value: Network Group

Executable files: 37
Suspicious files: 153
Text files: 60
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\app-64.7z
MD5:
SHA256:

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\nsis7z.dll
Type: executable
MD5: 80E44CE4895304C6A3A831310FBF8CD0
SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\SpiderBanner.dll
Type: executable
MD5: 17309E33B596BA3A5693B4D3E85CF8D7
SHA256: 996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\7z-out\LICENSE.electron.txt
Type: text
MD5: 4D42118D35941E0F664DDDBD83F633C5
SHA256: 5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\Desktop\Network Graphics.lnk
Type: binary
MD5: B0ADB7F69089333B6617A0D8CF9269A4
SHA256: 9B0FB7DA6BC1D23BB7CCA6674257EA711AEBA7E050D6DDBD4B57B8D8257577A1

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\7z-out\locales\cs.pak
Type: binary
MD5: 92E3FD1EB47767A0CB5F6E734DE4EEC1
SHA256: D269E16FBD9B2AFE95B148ECE22B2AC803768FB53EE42E1FAD0181F9DEC84544

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\7z-out\locales\ar.pak
Type: binary
MD5: AC865FF462F341B4317C3D16EEB40460
SHA256: 0557BC17EB1D134BD52F203836551B55579114708E2DF51F653972951567513D

PID: 8488
Process: NetworkGraphicsSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxABB0.tmp\7z-out\chrome_100_percent.pak
Type: binary
MD5: 83EC43F2AF9FC52025F3F807B185D424
SHA256: A659EE9EB38636F85F5336587C578FB29740D3EFFAFF9B92852C8A210E92978C

HTTP(S) requests: 35
TCP/UDP connections: 48
DNS requests: 15
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
200
2.16.164.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3344
svchost.exe
GET
200
2.16.164.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.204.135:443
https://th.bing.com/th?id=OCGE.9njb654d39wx_v12_main&w=80&h=80&c=1&rs=1&p=0
unknown
image
12.5 Kb
unknown
GET
200
2.16.204.135:443
https://th.bing.com/th?id=OCGE.9n7hl5s06zk0_v7_main&w=80&h=80&c=1&rs=1&p=0
unknown
image
18.4 Kb
unknown
GET
200
2.16.204.135:443
https://th.bing.com/th?id=OCGE.9nq9j864v30w_v5_main&w=80&h=80&c=1&rs=1&p=0
unknown
image
17.4 Kb
unknown
5568
SearchApp.exe
GET
200
2.16.204.155:443
https://th.bing.com/th?id=OCGE.9njb654d39wx_v12_main&w=80&h=80&c=1&rs=1&p=0
unknown
image
12.5 Kb
whitelisted
5568
SearchApp.exe
GET
200
2.16.204.155:443
https://th.bing.com/th?id=OCGE.9nbckjw55fsv_v6_main&w=80&h=80&c=1&rs=1&p=0
unknown
image
14.3 Kb
whitelisted
GET
200
2.16.204.135:443
https://th.bing.com/th?id=OCGE.9p3610rr8qt5_v3_main&w=80&h=80&c=1&rs=1&p=0
unknown
image
12.0 Kb
unknown
5568
SearchApp.exe
GET
200
2.16.204.155:443
https://th.bing.com/th?id=OBTQ.BTA3F5A7A467B5115A55C093D4D4B4ABBC0B3FB175279B272BB3AF67D261D81DFF&w=132&h=154&c=1&rs=1&p=0
unknown
image
6.31 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
23.11.206.114:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
2.16.204.150:443
th.bing.com
AKAMAI-ASN1
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
2.16.164.42:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
2.16.164.42:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
3344
svchost.exe
2.16.164.42:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
2.16.204.155:443
th.bing.com
AKAMAI-ASN1
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
www.bing.com
  • 23.11.206.114
  • 95.100.158.112
  • 23.3.89.115
  • 23.11.206.112
  • 23.3.89.89
  • 23.3.89.106
  • 95.100.158.107
  • 95.100.158.115
  • 95.100.158.123
whitelisted
th.bing.com
  • 2.16.204.150
  • 2.16.204.155
  • 2.16.204.151
  • 2.16.204.145
  • 2.16.204.147
  • 2.16.204.156
  • 2.16.204.136
  • 2.16.204.157
  • 2.16.204.143
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 2.16.164.42
  • 2.16.164.128
  • 2.16.164.10
  • 2.16.164.58
  • 2.16.164.129
  • 2.16.164.18
  • 2.16.164.27
  • 2.16.164.9
  • 2.16.164.17
  • 23.32.238.107
  • 23.32.238.112
whitelisted
api.ntw.graphics
  • 104.26.13.32
  • 172.67.75.101
  • 104.26.12.32
unknown
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
self.events.data.microsoft.com
  • 51.105.71.137
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.71
  • 40.126.31.69
  • 40.126.31.131
  • 20.190.159.23
  • 40.126.31.128
  • 20.190.159.68
  • 20.190.159.64
whitelisted

Threats

No threats detected
No debug info