File name:

00a3ff063537e0a20ad014b200ce97c1.zip

Full analysis: https://app.any.run/tasks/4487fc6d-5132-45e5-b2ba-4795d5fb7ae4
Verdict: Malicious activity
Analysis date: November 02, 2024, 03:55:47
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
netreactor
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

C536D36773773242141FF38AB049E3B2

SHA1:

5A9997F5A86523A8441830720EAF50EDFB07FB9F

SHA256:

2C597E3D6F692E9CAD4632F1685E3FF6F5A1AA23E7CBA64F7296F6AD273A9E32

SSDEEP:

98304:skzzs0LwDsbdBRaKxZkRA3szBDecUsSPdjS/wnCtPYeJ/kQP7QJu79Gd4jyXe/S2:bL1M

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6160)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
      • DriverCore.exe (PID: 512)
      • DriverCore.exe (PID: 4088)
      • DriverCore.exe (PID: 5652)
    • Executable content was dropped or overwritten

      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
    • Checks Windows Trust Settings

      • DriverCore.exe (PID: 512)
      • DriverCore.exe (PID: 4088)
      • DriverCore.exe (PID: 5652)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6160)
      • WinRAR.exe (PID: 6124)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 6160)
      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
      • DriverCore.exe (PID: 512)
      • WinRAR.exe (PID: 6124)
      • DriverCore.exe (PID: 4088)
      • DriverCore.exe (PID: 5652)
    • Checks supported languages

      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
      • DriverCore.exe (PID: 512)
      • DriverCore.exe (PID: 4088)
      • DriverCore.exe (PID: 5652)
    • Manual execution by a user

      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
      • WinRAR.exe (PID: 6124)
      • DriverCore.exe (PID: 4088)
      • notepad.exe (PID: 6276)
      • notepad.exe (PID: 6372)
      • DriverCore.exe (PID: 5652)
    • Create files in a temporary directory

      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
    • Reads the computer name

      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
      • DriverCore.exe (PID: 512)
      • DriverCore.exe (PID: 4088)
      • DriverCore.exe (PID: 5652)
    • Process checks computer location settings

      • Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe (PID: 6668)
    • Reads the machine GUID from the registry

      • DriverCore.exe (PID: 512)
      • DriverCore.exe (PID: 4088)
      • DriverCore.exe (PID: 5652)
    • Reads the software policy settings

      • DriverCore.exe (PID: 512)
      • DriverCore.exe (PID: 4088)
      • DriverCore.exe (PID: 5652)
      • slui.exe (PID: 3620)
    • Checks proxy server information

      • DriverCore.exe (PID: 512)
    • Creates files or folders in the user directory

      • DriverCore.exe (PID: 512)
      • DriverCore.exe (PID: 4088)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 6276)
      • notepad.exe (PID: 6372)
    • .NET Reactor protector has been detected

      • DriverCore.exe (PID: 512)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2023:07:10 17:14:32
ZipCRC: 0x71ae5e29
ZipCompressedSize: 1989048
ZipUncompressedSize: 2056672
ZipFileName: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
No data.
Total processes
145
Monitored processes
12
Malicious processes
0
Suspicious processes
0

Behavior graph

start winrar.exe darmoshark_m3 4k mouse_drivercoresfx1_20230710_141326.exe THREAT drivercore.exe winrar.exe drivercore.exe no specs sppextcomobj.exe no specs slui.exe rundll32.exe no specs notepad.exe no specs drivercore.exe no specs notepad.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 512
CMD: "C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\DriverCore.exe"
Path: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\DriverCore.exe
Parent process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
User:
admin
Integrity Level:
MEDIUM
Description:
DriverCore
Exit code:
0
Version:
2.0.3.3
Modules
Images
c:\users\admin\appdata\local\temp\7zipsfx.000\drivercore.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 1112
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 3620
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4072
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 4088
CMD: "C:\Users\admin\Desktop\DriverCore.exe"
Path: C:\Users\admin\Desktop\DriverCore.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
DriverCore
Exit code:
0
Version:
2.0.3.3
Modules
Images
c:\users\admin\desktop\drivercore.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 5652
CMD: "C:\Users\admin\Desktop\DriverCore.exe"
Path: C:\Users\admin\Desktop\DriverCore.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
DriverCore
Exit code:
0
Version:
2.0.3.3
Modules
Images
c:\users\admin\desktop\drivercore.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
PID: 6124
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6160
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\00a3ff063537e0a20ad014b200ce97c1.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6276
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Config\Language.ini
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 6372
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Config\Darmoshark\Language.ini
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
Total events
14 131
Read events
14 098
Write events
33
Delete events
0

Modification events

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\00a3ff063537e0a20ad014b200ce97c1.zip

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: name
Value: 256

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6160) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: psize
Value: 80
Executable files
3
Suspicious files
6
Text files
32
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6668
Process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\Darmoshark\Home.png
Type: image
MD5: A12809FB34938368EA352BD2EA25E881
SHA256: 8FA9BB1185BE393E0755D580DFC4FE72FC716E2D9A5BA1BCC86FA85F88A20A56

PID: 6668
Process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\Darmoshark\Device_4K.png
Type: image
MD5: 827D2E9569246E9FA3FE5110A932926B
SHA256: 03C2F5F05149865D4F3C2A25395C65B85CB36A6D5AB3808FB08BBA7DC5B27AA8

PID: 6668
Process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\Darmoshark\CompanyName.png
Type: image
MD5: 9C43DB4D4C24519AC1F3E4A4318DD195
SHA256: 6B5DAD5FBBA0B267DCAD88FA15FB4B2490C633B276245ED8D83BC34DB2D4C6F0

PID: 6668
Process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\Darmoshark\Device.png
Type: image
MD5: 827D2E9569246E9FA3FE5110A932926B
SHA256: 03C2F5F05149865D4F3C2A25395C65B85CB36A6D5AB3808FB08BBA7DC5B27AA8

PID: 6668
Process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\Darmoshark\PairMouse.png
Type: image
MD5: 0B27AC2F806BCEDEBE09F2F8B03113BC
SHA256: 41FC9D117185BAE3BA0FA3BBA47806599D8A03C762CA9DC1D6422E8CE45DF0E8

PID: 6668
Process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\Darmoshark\Device_Key.png
Type: image
MD5: 96D39EB82E705D1C77D2D1AB0220FC55
SHA256: 51DFC6FCA0B12BD0A84C98328D25FC677865E6A4D367B1EBD7406255844AE7AD

PID: 6668
Process: Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\Darmoshark\HomeSelect.png
Type: image
MD5: A12809FB34938368EA352BD2EA25E881
SHA256: 8FA9BB1185BE393E0755D580DFC4FE72FC716E2D9A5BA1BCC86FA85F88A20A56

PID: 6160
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6160.6618\Darmoshark_M3 4K Mouse_DriverCoreSFX1_20230710_141326.exe
Type: executable
MD5: B39CFBA9EC6E827EBAA23A0279A3D93F
SHA256: 8434FC20A3C51D36B88EEC7299D13E00255DD8A2BCF93B71955CED03ABB01E02

PID: 512
Process: DriverCore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
Type: binary
MD5: B8DDAE05BF2F9C706F66FCC14230BFE9
SHA256: C496D1BB4114AFB19201799BB2F7112B5B29F1172DC57E0A9BDF96C22FEB3FFB

PID: 512
Process: DriverCore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_27A79161E674042848576E15812E18BC
Type: binary
MD5: CDF81CBE3917BCDE3AE01A1C8BCB2700
SHA256: 183D1F5E005E2D9743097DDABBAE960AE9DA6B5AD4A7738E4325578869D24A1A
HTTP(S) requests
9
TCP/UDP connections
39
DNS requests
24
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3764
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6944
svchost.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6944
svchost.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
512
DriverCore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDF0RJpUmRfSXRvUW%2BQ%3D%3D
unknown
whitelisted
5652
SIHClient.exe
GET
200
23.32.185.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
512
DriverCore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
624
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5652
SIHClient.exe
GET
200
23.32.185.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1752
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4360
SearchApp.exe
2.16.110.121:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
6944
svchost.exe
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
23.52.120.96:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
512
DriverCore.exe
104.18.21.226:80
ocsp.globalsign.com
CLOUDFLARENET
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 4.231.128.59
whitelisted
www.bing.com
  • 2.16.110.121
  • 2.16.110.123
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.184.238
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
whitelisted
www.microsoft.com
  • 23.52.120.96
  • 23.32.185.131
whitelisted
ocsp.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
login.live.com
  • 40.126.32.72
  • 20.190.160.14
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.76
  • 40.126.32.134
  • 40.126.32.133
  • 40.126.32.138
whitelisted
th.bing.com
  • 2.23.209.179
  • 2.23.209.140
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.130
  • 2.23.209.149
  • 2.23.209.187
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted

Threats

No threats detected
No debug info