File name:

spotCLIENT.rar

Full analysis: https://app.any.run/tasks/adfb5ae8-dda9-4e6a-90d8-24a3f19db415
Verdict: Malicious activity
Analysis date: March 14, 2025, 08:36:01
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

4F9177ACD4611CC9BE4967682493D779

SHA1:

6F135EE1E417C30BE36365A0D4970453E54323C6

SHA256:

2ED17051AEC47A6F5CB56319931BBBB46587C85A0D6EDF0103C5B57E77E8D35F

SSDEEP:

98304:/0W7QM8stRVOtKAjWCttsROqlRFllZBAxCG+PtzQhfeHt8oP5/te+tZ5pxia13Md:ZkXR8rQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • CLIENT 40040.exe (PID: 1804)
      • CLIENT.exe (PID: 6852)
      • CLIENT 36.exe (PID: 6620)
      • CLIENT80.exe (PID: 2984)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6040)
      • WinRAR.exe (PID: 4180)
    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 4180)
    • Reads security settings of Internet Explorer

      • Updater.exe (PID: 3800)
    • Creates/Modifies COM task schedule object

      • Updater.exe (PID: 3800)
  • INFO

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 1512)
      • BackgroundTransferHost.exe (PID: 1188)
      • BackgroundTransferHost.exe (PID: 2552)
      • BackgroundTransferHost.exe (PID: 5984)
      • BackgroundTransferHost.exe (PID: 664)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 6040)
      • WinRAR.exe (PID: 4180)
      • WinRAR.exe (PID: 6512)
      • WinRAR.exe (PID: 4380)
    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 1512)
    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 1512)
      • slui.exe (PID: 6576)
      • Updater.exe (PID: 3800)
    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 1512)
      • slui.exe (PID: 1300)
      • slui.exe (PID: 6576)
    • Checks supported languages

      • ShellExperienceHost.exe (PID: 6668)
      • CLIENT 36.exe (PID: 6620)
      • CLIENT 40040.exe (PID: 1804)
      • CLIENT.exe (PID: 6852)
      • Updater.exe (PID: 3800)
    • Reads the computer name

      • ShellExperienceHost.exe (PID: 6668)
      • CLIENT 40040.exe (PID: 1804)
      • CLIENT.exe (PID: 6852)
      • Updater.exe (PID: 3800)
    • Manual execution by a user

      • WinRAR.exe (PID: 4180)
      • WinRAR.exe (PID: 6512)
      • CLIENT 36.exe (PID: 6620)
      • CLIENT 40040.exe (PID: 1804)
      • CLIENT.exe (PID: 6852)
      • CLIENT80.exe (PID: 2984)
      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 2084)
      • WinRAR.exe (PID: 4380)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4180)
      • WinRAR.exe (PID: 6512)
      • WinRAR.exe (PID: 4380)
    • Create files in a temporary directory

      • CLIENT 36.exe (PID: 6620)
      • CLIENT 40040.exe (PID: 1804)
      • CLIENT.exe (PID: 6852)
      • CLIENT80.exe (PID: 2984)
      • Updater.exe (PID: 3800)
    • Reads mouse settings

      • CLIENT 40040.exe (PID: 1804)
      • CLIENT.exe (PID: 6852)
      • Updater.exe (PID: 3800)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

FileVersion: RAR v4
CompressedSize: 35336
UncompressedSize: 65536
OperatingSystem: Win32
ModifyDate: 2007:02:18 19:00:00
PackingMethod: Normal
ArchivedFileName: spotCLIENT\asycfilt.dll
No data.
All screenshots are available in the full report
Total processes
198
Monitored processes
60
Malicious processes
6
Suspicious processes
0

Behavior graph

start winrar.exe no specs sppextcomobj.exe no specs slui.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs rundll32.exe no specs slui.exe shellexperiencehost.exe no specs winrar.exe winrar.exe client 36.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs client 40040.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs client.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs winrar.exe client80.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs updater.exe no specs updater.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
496
CMD:
regsvr32 C:\windows\system32\shdocvw.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
632
CMD:
regsvr32 C:\windows\system32\mswinsck.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT 36.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
644
CMD:
regsvr32 C:\windows\system32\msmask32.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT80.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
664
CMD:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path:
C:\Windows\System32\BackgroundTransferHost.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID:
684
CMD:
regsvr32 C:\windows\system32\mscomct2.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT 36.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
812
CMD:
regsvr32 C:\windows\system32\msmask32.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
856
CMD:
regsvr32 C:\windows\system32\anigif.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT 36.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
896
CMD:
regsvr32 C:\windows\system32\shdocvw.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT 40040.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
924
CMD:
regsvr32 C:\windows\system32\mscomctl.ocx /s
Path:
C:\Windows\SysWOW64\regsvr32.exe
Parent process:
CLIENT 40040.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
1188
CMD:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path:
C:\Windows\System32\BackgroundTransferHost.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
Total events
7 816
Read events
7 429
Write events
229
Delete events
158

Modification events

(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value:
C:\Users\admin\AppData\Local\Temp\spotCLIENT.rar
(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value:
120
(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value:
80
(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value:
120
(PID) Process: (6040) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value:
100
(PID) Process: (1188) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (1188) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
Executable files
32
Suspicious files
15
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 1512
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\ba9f113a-ada9-47bd-b2f3-39d3912a7c11.down_data
MD5:
SHA256:
PID: 1512
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
Type: binary
MD5:9FA7CCABC494A5328612D36DD19B8E46
SHA256:0D0B2B024CD660B45A6646F77B717CCD34A8C0D3EC4D5451D53DD436E87F531D
PID: 1512
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\4d4d6d1c-c276-45b4-8acf-9f3d6b4c0bdc.up_meta_secure
Type: binary
MD5:A3C7C80FA679C2ACB16C1CFCBAFBE818
SHA256:8BE552C920DA80DCCA1C28E473DE58C14EACBC92CBDCA9F69FA70657892EA3BA
PID: 4180
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\spotCLIENT\iLarang.Library.Geolocation.tlb
Type: binary
MD5:6538AAA1F454E953524007027BA9FB80
SHA256:80BDA5F607EADB40E2933685360A62EABD4FEA10A48FBCC2983B886CFBB7B07A
PID: 1512
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\ba9f113a-ada9-47bd-b2f3-39d3912a7c11.f0f6d94c-8bd9-45e9-a885-4146c1232a2d.down_meta
Type: binary
MD5:4D5A1BFD959967250D53A0BB81C1BA05
SHA256:42640C66DB3A8AF1A86311AFFDE51A1B72167F473A5E8654B6104D3DDCA722FC
PID: 4180
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\spotCLIENT\iLarang.Library.Geolocation.dll
Type: executable
MD5:D206DDA5028B55451039B3F5CE300F6D
SHA256:24E79169E1CFB12C954BCCC6D1F6770FEE2B9DEEEF55E2888F324CDA3910A9F6
PID: 1512
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\4d4d6d1c-c276-45b4-8acf-9f3d6b4c0bdc.f0f6d94c-8bd9-45e9-a885-4146c1232a2d.down_meta
Type: binary
MD5:4D5A1BFD959967250D53A0BB81C1BA05
SHA256:42640C66DB3A8AF1A86311AFFDE51A1B72167F473A5E8654B6104D3DDCA722FC
PID: 4180
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\spotCLIENT\COMCAT.DLL
Type: executable
MD5:3B180DA2B50B954A55FE37AFBA58D428
SHA256:96D04CDFAF4F4D7B8722B139A15074975D4C244302F78034B7BE65DF1A92FD03
PID: 4180
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\spotCLIENT\COMDLG32.OCX
Type: executable
MD5:AB412429F1E5FB9708A8CDEA07479099
SHA256:E32D8BBE8E6985726742B496520FA47827F3B428648FA1BC34ECFFDD9BDAC240
PID: 4180
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\spotCLIENT\iphlpapi.dll
Type: executable
MD5:697982224FEEC30A85844B0048AE80A8
SHA256:94FC1881E15EA142BE7AF87D8CD553B17AAD762CEEA040684A04025DA4796097
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
28
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1512
BackgroundTransferHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5404
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
5216
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5216
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
2.16.164.72:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.3:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5404
backgroundTaskHost.exe
20.31.169.57:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5404
backgroundTaskHost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.174
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 2.16.164.72
  • 2.16.164.106
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.160.3
  • 20.190.160.128
  • 40.126.32.74
  • 40.126.32.76
  • 40.126.32.72
  • 20.190.160.132
  • 20.190.160.130
  • 20.190.160.64
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted
www.bing.com
  • 2.19.122.11
  • 2.19.122.9
  • 2.19.122.66
  • 2.19.122.6
  • 2.19.122.7
  • 2.19.122.10
  • 2.19.122.5
  • 2.19.122.4
  • 2.19.122.8
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 23.209.214.100
whitelisted

Threats

No threats detected
No debug info