File name:

SWA V1.62.rar

Full analysis: https://app.any.run/tasks/fbba2724-1262-43ee-9d8c-81731716e77f
Verdict: Malicious activity
Analysis date: February 15, 2025, 13:19:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

6E1EFEFB3225679AE03EF936C3C81575

SHA1:

C9E7DE5BBFF3BC0782B1E91023A7FF8FD9976688

SHA256:

42B828B9A12A08D6D54CEF29054A65C8E3D47147E67D40237B2DECCA4809C60F

SSDEEP:

49152:mU9RN2aJYMsAUTsi6WZfjAvNcHY5CkCIAbYzkVmMMhwQWREx+96XQo3IgxJuDKgA:9d2aJYMNgsi6WZGNJCkRG8rMMhw9ExFh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • SWAv161.exe (PID: 4076)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • SWAv161.exe (PID: 1192)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 8180)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)

    • Process drops legitimate windows executable

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 8180)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)
      • msiexec.exe (PID: 880)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)

    • Searches for installed software

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)

    • Starts itself from another location

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 880)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 880)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 880)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 880)

    • Executes application which crashes

      • SWAv161.exe (PID: 1192)

  • INFO

    • Manual execution by a user

      • SWAv161.exe (PID: 4076)
      • SWAv161.exe (PID: 1192)

    • Reads the computer name

      • SWAv161.exe (PID: 4076)
      • identity_helper.exe (PID: 7200)
      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • msiexec.exe (PID: 3584)
      • msiexec.exe (PID: 7072)
      • msiexec.exe (PID: 2280)
      • SWAv161.exe (PID: 1192)
      • msiexec.exe (PID: 7232)
      • msiexec.exe (PID: 880)

    • Checks supported languages

      • SWAv161.exe (PID: 4076)
      • identity_helper.exe (PID: 7200)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 8180)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)
      • msiexec.exe (PID: 880)
      • msiexec.exe (PID: 7232)
      • msiexec.exe (PID: 2280)
      • msiexec.exe (PID: 3584)
      • msiexec.exe (PID: 7072)
      • SWAv161.exe (PID: 1192)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6388)
      • msedge.exe (PID: 3524)
      • msiexec.exe (PID: 880)

    • Reads Environment values

      • identity_helper.exe (PID: 7200)

    • Application launched itself

      • msedge.exe (PID: 3524)

    • Create files in a temporary directory

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 8180)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)

    • The sample compiled with english language support

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 8180)
      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)
      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)
      • msiexec.exe (PID: 880)

    • Process checks computer location settings

      • windowsdesktop-runtime-8.0.13-win-x64 (1).exe (PID: 7220)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)
      • msiexec.exe (PID: 880)

    • Creates files in the program directory

      • windowsdesktop-runtime-8.0.13-win-x64.exe (PID: 7404)
      • SWAv161.exe (PID: 1192)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 880)

    • Reads the software policy settings

      • msiexec.exe (PID: 880)
      • WerFault.exe (PID: 5208)

    • Checks proxy server information

      • WerFault.exe (PID: 5208)

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 5208)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

ZIP

FileVersion: RAR v5
CompressedSize: 826336
UncompressedSize: 2228104
OperatingSystem: Win32
ArchivedFileName: SWA V1.62/SWA V1.62/Guna.UI2.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
192
Monitored processes
58
Malicious processes
4
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs swav161.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-8.0.13-win-x64 (1).exe windowsdesktop-runtime-8.0.13-win-x64 (1).exe windowsdesktop-runtime-8.0.13-win-x64.exe msedge.exe no specs msedge.exe no specs msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs swav161.exe msedge.exe no specs werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
644"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2772 --field-trial-handle=2400,i,10633538741447229324,7110624241485570156,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
716"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5588 --field-trial-handle=2400,i,10633538741447229324,7110624241485570156,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
880C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1192"C:\Users\admin\Desktop\SWA V1.62\SWAv161.exe" C:\Users\admin\Desktop\SWA V1.62\SWAv161.exe
explorer.exe
User:
admin
Company:
SomeWeirdApp
Integrity Level:
MEDIUM
Description:
SomeWeirdApp
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\swa v1.62\swav161.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1488"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2528 --field-trial-handle=2400,i,10633538741447229324,7110624241485570156,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2280C:\Windows\syswow64\MsiExec.exe -Embedding B5EE87FA9AB9A03F26ED453B051F62C5C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2292"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3868 --field-trial-handle=2400,i,10633538741447229324,7110624241485570156,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2292"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6244 --field-trial-handle=2400,i,10633538741447229324,7110624241485570156,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
2828"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6236 --field-trial-handle=2400,i,10633538741447229324,7110624241485570156,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2928"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5420 --field-trial-handle=2400,i,10633538741447229324,7110624241485570156,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
28 394
Read events
27 389
Write events
947
Delete events
58

Modification events

(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\SWA V1.62.rar
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:15
Value:
(PID) Process:(6388) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:14
Value:
Executable files
502
Suspicious files
403
Text files
75
Unknown types
0

Dropped files

PID
Process
Filename
Type
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF13d748.TMP
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF13d748.TMP
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF13d748.TMP
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF13d768.TMP
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF13d748.TMP
MD5:
SHA256:
3524msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
80
DNS requests
87
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6068
svchost.exe
GET
200
2.19.217.218:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
23.67.160.244:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1988
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1988
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6856
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
3524
msedge.exe
GET
200
104.124.11.17:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7428
svchost.exe
HEAD
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739887888&P2=404&P3=2&P4=hFddcAydNlJLUxx5%2b71UneTG5M2Sw03nhkWf0MymXl8bNV6RHdoCDSXRJqZh62amnORxBOJ3MuXUdWs3LdMn2Q%3d%3d
unknown
whitelisted
3524
msedge.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
7428
svchost.exe
GET
206
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739887888&P2=404&P3=2&P4=hFddcAydNlJLUxx5%2b71UneTG5M2Sw03nhkWf0MymXl8bNV6RHdoCDSXRJqZh62amnORxBOJ3MuXUdWs3LdMn2Q%3d%3d
unknown
whitelisted
7428
svchost.exe
GET
206
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739887888&P2=404&P3=2&P4=hFddcAydNlJLUxx5%2b71UneTG5M2Sw03nhkWf0MymXl8bNV6RHdoCDSXRJqZh62amnORxBOJ3MuXUdWs3LdMn2Q%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6068
svchost.exe
2.19.217.218:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
6068
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
23.212.110.161:443
www.bing.com
Akamai International B.V.
CZ
whitelisted
1176
svchost.exe
20.190.160.66:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5064
SearchApp.exe
23.67.160.244:80
ocsp.digicert.com
AKAMAI-AS
JP
whitelisted
1176
svchost.exe
23.67.160.244:80
ocsp.digicert.com
AKAMAI-AS
JP
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
  • 51.104.136.2
whitelisted
www.bing.com
  • 23.212.110.161
  • 23.212.110.170
  • 23.212.110.163
  • 23.212.110.171
  • 23.212.110.168
  • 23.212.110.162
  • 23.212.110.177
  • 23.212.110.179
  • 23.212.110.178
  • 184.86.251.22
  • 184.86.251.27
  • 184.86.251.24
  • 184.86.251.9
  • 184.86.251.4
  • 184.86.251.21
whitelisted
login.live.com
  • 20.190.160.66
  • 20.190.160.4
  • 20.190.160.20
  • 20.190.160.128
  • 20.190.160.22
  • 40.126.32.133
  • 20.190.160.132
  • 40.126.32.74
whitelisted
ocsp.digicert.com
  • 23.67.160.244
  • 2.23.77.188
whitelisted
go.microsoft.com
  • 23.35.238.131
  • 2.19.106.8
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 199.232.214.172
  • 199.232.210.172
  • 95.101.149.131
  • 2.19.217.218
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted

Threats

No threats detected
Process
Message
SWAv161.exe
You must install .NET to run this application. App: C:\Users\admin\Desktop\SWA V1.62\SWAv161.exe Architecture: x64 App host version: 8.0.8 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.8
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SWA V1.62.rar