File name: BeamNG_Verification.exe
Full analysis: https://app.any.run/tasks/a1b80b9a-cf0e-4a24-9f6a-e98981cb3cf2
Verdict: Malicious activity
Analysis date: August 14, 2024, 10:19:08
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
uac
pastebin
python
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 41A54A40C7A2F87856697B5935B222B8
SHA1: C734EE45AD8A2298B6A183B8C1E2FCF7D3EEB964
SHA256: 3D4C6A5DE44C00E749925EC7C94D23826F3BCFC5CA98C906447CCD95DAD299DC
SSDEEP: 98304:q+QWUOsXJimjehUC/RmCKtJMNvWMcdcptUivHL57FSw03IbjQryOKPSPQvJVfPVU:B0em8K2Hq1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass User Account Control (fodhelper)

      • fodhelper.exe (PID: 6980)
    • Adds path to the Windows Defender exclusion list

      • BeamNG_Verification.exe (PID: 6364)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
    • Process drops python dynamic module

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
    • Executable content was dropped or overwritten

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
    • Process drops legitimate windows executable

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
    • Application launched itself

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
    • The process drops C-runtime libraries

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
    • Loads Python modules

      • BeamNG_Verification.exe (PID: 6464)
      • BeamNG_Verification.exe (PID: 6364)
    • Starts CMD.EXE for commands execution

      • BeamNG_Verification.exe (PID: 6464)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 6484)
      • cmd.exe (PID: 6572)
      • cmd.exe (PID: 7144)
      • cmd.exe (PID: 6292)
    • Uses WEVTUTIL.EXE to query events from a log or log file

      • cmd.exe (PID: 7056)
      • cmd.exe (PID: 6660)
    • Starts POWERSHELL.EXE for commands execution

      • BeamNG_Verification.exe (PID: 6364)
    • Script adds exclusion path to Windows Defender

      • BeamNG_Verification.exe (PID: 6364)
    • Potential Corporate Privacy Violation

      • BeamNG_Verification.exe (PID: 6364)
    • Found strings related to reading or modifying Windows Defender settings

      • BeamNG_Verification.exe (PID: 6464)
  • INFO

    • Checks supported languages

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 6464)
      • BeamNG_Verification.exe (PID: 7024)
      • BeamNG_Verification.exe (PID: 6364)
    • Reads the computer name

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
      • BeamNG_Verification.exe (PID: 6364)
    • Create files in a temporary directory

      • BeamNG_Verification.exe (PID: 6444)
      • BeamNG_Verification.exe (PID: 7024)
    • Reads the machine GUID from the registry

      • BeamNG_Verification.exe (PID: 6464)
      • BeamNG_Verification.exe (PID: 6364)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 2424)
    • Checks proxy server information

      • BeamNG_Verification.exe (PID: 6364)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2424)
    • Reads security settings of Internet Explorer

      • fodhelper.exe (PID: 6980)
    • Reads Microsoft Office registry keys

      • fodhelper.exe (PID: 6980)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:05:04 05:27:26+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 176128
InitializedDataSize: 377344
UninitializedDataSize: -
EntryPoint: 0xc540
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 0.26.0.0
ProductVersionNumber: 0.26.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 0.26.0.0.14306
InternalName: BeamNG.drive
CompanyName: BeamNG GmbH
LegalCopyright: (C) BeamNG GmbH. All rights reserved.
OriginalFileName: BeamNG.drive
ProductName: BeamNG.drive
ProductVersion: 0.26.0.0.14306
FileDescription: game engine
No data.
All screenshots are available in the full report
Total processes
159
Monitored processes
29
Malicious processes
6
Suspicious processes
0

Behavior graph

Process chain, in the order the graph lists it ("no specs" is kept as shown in the report):

  • start
  • beamng_verification.exe
  • beamng_verification.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • reg.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • reg.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • wevtutil.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • fodhelper.exe (no specs)
  • fodhelper.exe (no specs)
  • fodhelper.exe
  • beamng_verification.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • wevtutil.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • reg.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • reg.exe (no specs)
  • beamng_verification.exe
  • powershell.exe (no specs)
  • conhost.exe (no specs)

Process information

Columns: PID | CMD | Path | Parent process

PID: 1860 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2424 | CMD: powershell -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\"" | Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Parent process: BeamNG_Verification.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6260 | CMD: reg delete "HKCU\Software\Classes\.Nulled" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Registry Console Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 6280 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6292 | CMD: C:\WINDOWS\system32\cmd.exe /c "reg delete "HKCU\Software\Classes\ms-settings" /f" | Path: C:\Windows\System32\cmd.exe | Parent process: BeamNG_Verification.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 6364 | CMD: "C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe" | Path: C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe | Parent process: BeamNG_Verification.exe
User: admin
Company: BeamNG GmbH
Integrity Level: HIGH
Description: BeamNG.drive
Exit code: 0
Version: 0.26.0.0.14306
Modules
Images
c:\users\admin\appdata\local\temp\beamng_verification.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6408 | CMD: reg delete "HKCU\Software\Classes\ms-settings" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Registry Console Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 6444 | CMD: "C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe" | Path: C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe | Parent process: explorer.exe
User: admin
Company: BeamNG GmbH
Integrity Level: MEDIUM
Description: BeamNG.drive
Exit code: 0
Version: 0.26.0.0.14306
Modules
Images
c:\users\admin\appdata\local\temp\beamng_verification.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 6464 | CMD: "C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe" | Path: C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe | Parent process: BeamNG_Verification.exe
User: admin
Company: BeamNG GmbH
Integrity Level: MEDIUM
Description: BeamNG.drive
Exit code: 0
Version: 0.26.0.0.14306
Modules
Images
c:\users\admin\appdata\local\temp\beamng_verification.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 6484 | CMD: C:\WINDOWS\system32\cmd.exe /c "reg add "HKCU\Software\Classes\.Nulled\Shell\Open\command" /d "C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe" /f" | Path: C:\Windows\System32\cmd.exe | Parent process: BeamNG_Verification.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
Total events
9 295
Read events
9 275
Write events
14
Delete events
6

Modification events

(PID) Process: (6752) cmd.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
(PID) Process: (6752) cmd.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
(PID) Process: (6752) cmd.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
(PID) Process: (6752) cmd.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
(PID) Process: (6980) fodhelper.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | Operation: write | Name: SlowContextMenuEntries | Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process: (6980) fodhelper.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value:
(PID) Process: (6980) fodhelper.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
(PID) Process: (6980) fodhelper.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
(PID) Process: (6980) fodhelper.exe | Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | Operation: write | Name: C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe.FriendlyAppName | Value: BeamNG.drive
(PID) Process: (6980) fodhelper.exe | Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | Operation: write | Name: C:\Users\admin\AppData\Local\Temp\BeamNG_Verification.exe.ApplicationCompany | Value: BeamNG GmbH
Executable files
112
Suspicious files
3
Text files
4
Unknown types
0

Dropped files

Columns: PID | Process | Filename | Type

6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\_bz2.pyd | executable
MD5: D0EF24E6D7FC7C517BC1277149DF2E54
SHA256: 37F13DA0CFFCC2E0412C1495D7AED9B413C02066CACA47D5AC15BE990EF83D86
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\_ctypes.pyd | executable
MD5: 2BB464586DACC70B22351F77E4DB1466
SHA256: 8AE7861599B8FE7CECFA1567D425C4A62ED8BC9469E7AB210CD30CEB0A19FDB3
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\_lzma.pyd | executable
MD5: CE20830B86F486B6BF16334B01FC0F63
SHA256: CA1B53F5B58C82323594AB4CA98E47F3A8EA2A31D1E1FDDEA2547E75BD697D0E
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\_decimal.pyd | executable
MD5: CE096C9A5BA12EFA874E8CA5846557A1
SHA256: 553A201817D8152D182748A249A2600AD60DE9D3B9408F37F3A2311BECF3BA10
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\_hashlib.pyd | executable
MD5: 9CE776F5A81AC2786166B6DBE6D8A952
SHA256: 75211004059BAA09E44A26F9B0356F2B98D59A8B80ACAD9C0BD6F12A6C5B8312
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\api-ms-win-core-errorhandling-l1-1-0.dll | executable
MD5: 47521E0BCE11BCDA26687A2A7AD925D8
SHA256: 235FBA3CA6FB9DD58A7733D5578F1203D7973B4D2308AD63A07F8E4311B92A38
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\api-ms-win-core-debug-l1-1-0.dll | executable
MD5: 0176E2F43C9B74559092E790E971CD6D
SHA256: D06D4FA8AFAE5D5670A73C99879588A28C9612F25D97D3A716067AA55AEDB7E1
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\api-ms-win-core-interlocked-l1-1-0.dll | executable
MD5: 253B9EAAC8520B3C4FE18B1A87AF69D9
SHA256: 4E70BEF1550D4F7DF37D8B6C86CF450F0B7D8C2A1B604B4063A6F3DC813C21C6
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\api-ms-win-core-libraryloader-l1-1-0.dll | executable
MD5: 607250D5A7EE7BDE9A6DB712282980D6
SHA256: 38C3A997857B0D87E27213AF52643DDB31857847A9E3AADCAACF5BC5A64C7F33
6444 | BeamNG_Verification.exe | C:\Users\admin\AppData\Local\Temp\_MEI64442\api-ms-win-core-file-l1-1-0.dll | executable
MD5: 28C2E42A0B3CCAE924D47ADE467D27BE
SHA256: 253BD5A1B70131A4B436645E70DC8A9E51E3A7D1321114BD231EB317B1111D6A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
39
DNS requests
19
Threats
3

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation (values below are given in the order the report lists them)

5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6364 | BeamNG_Verification.exe | HEAD | 403 | 52.219.60.50:80 | http://foot-print-resources.s3.amazonaws.com/XClient.exe%0D | unknown | shared
3044 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5984 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
6364 | BeamNG_Verification.exe | HEAD | 403 | 52.219.200.5:80 | http://prod-be-source.s3.amazonaws.com/XClient.exe | unknown | shared
6172 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation (values below are given in the order the report lists them)

876 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
876 | svchost.exe | 192.168.100.255:138 | whitelisted
4088 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3888 | svchost.exe | 239.255.255.250:1900 | whitelisted
5336 | SearchApp.exe | 104.126.37.139:443 | www.bing.com | Akamai International B.V. | DE | unknown
3260 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3044 | svchost.exe | 20.190.159.64:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5336 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
3044 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.78
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.160
  • 104.126.37.155
  • 104.126.37.146
  • 104.126.37.162
  • 104.126.37.161
  • 104.126.37.145
  • 104.126.37.153
  • 104.126.37.144
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.64
  • 40.126.31.69
  • 20.190.159.73
  • 40.126.31.71
  • 20.190.159.0
  • 40.126.31.67
  • 20.190.159.2
  • 20.190.159.23
whitelisted
th.bing.com
  • 104.126.37.144
  • 104.126.37.139
  • 104.126.37.160
  • 104.126.37.155
  • 104.126.37.146
  • 104.126.37.162
  • 104.126.37.161
  • 104.126.37.145
  • 104.126.37.153
whitelisted
pastebin.com
  • 104.20.4.235
  • 172.67.19.24
  • 104.20.3.235
shared
fd.api.iris.microsoft.com
  • 20.199.58.43
whitelisted
foot-print-resources.s3.amazonaws.com
  • 52.219.60.50
  • 52.219.202.79
  • 52.219.56.110
  • 52.219.202.19
  • 52.219.58.70
  • 3.5.186.252
  • 3.5.186.37
  • 52.219.204.3
shared

Threats

Columns: PID | Process | Class | Message

2256 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Online Pastebin Text Storage
2 ETPRO signatures available at the full report
No debug info