File name:

44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b

Full analysis: https://app.any.run/tasks/a8fa2c78-4a71-4d12-b495-03dea1ce407d
Verdict: Malicious activity
Threats:

Sality is a highly sophisticated malware known for infecting executable files and rapidly spreading across networks. It primarily creates a peer-to-peer botnet that is used for malicious activities such as spamming, data theft, and downloading additional malware. Sality has strong persistence mechanisms, including disabling security software, making it difficult to remove. Its ability to spread quickly and silently, along with its polymorphic nature, allows it to evade detection by traditional antivirus solutions.

Analysis date: December 13, 2024, 20:24:57
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
sality
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

AAC12149429E9C1770D6E4961C07533E

SHA1:

A6318976AEB0164108F9AC1C93593A3A0F90682F

SHA256:

44E287FE6A9916ED3D0F984A21EA33E3AB554F970A7D2FD32D82C286399D3C7B

SSDEEP:

98304:2qGHFYB4mMNHfK3zbWP1QLQ4yQSeXvbDYz7QMPbMyTb2Z/nqoGQyARJdM:p6eKFBAS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • SALITY mutex has been found

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdate.exe (PID: 4428)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdate.exe (PID: 4428)
      • MicrosoftEdgeUpdateSetup.exe (PID: 2432)
    • Executable content was dropped or overwritten

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdateSetup.exe (PID: 2432)
    • Process drops legitimate windows executable

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdateSetup.exe (PID: 2432)
      • MicrosoftEdgeUpdate.exe (PID: 2100)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4428)
      • MicrosoftEdgeUpdate.exe (PID: 2100)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2100)
  • INFO

    • The sample compiled with english language support

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdateSetup.exe (PID: 2432)
      • MicrosoftEdgeUpdate.exe (PID: 2100)
    • Checks supported languages

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdateSetup.exe (PID: 2432)
      • MicrosoftEdgeUpdate.exe (PID: 4428)
      • MicrosoftEdgeUpdate.exe (PID: 2100)
    • Create files in a temporary directory

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdate.exe (PID: 4428)
    • Reads the computer name

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
      • MicrosoftEdgeUpdate.exe (PID: 4428)
      • MicrosoftEdgeUpdate.exe (PID: 2100)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4428)
      • MicrosoftEdgeUpdate.exe (PID: 2100)
    • Creates files in the program directory

      • MicrosoftEdgeUpdateSetup.exe (PID: 2432)
      • MicrosoftEdgeUpdate.exe (PID: 4428)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 2100)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 2100)
      • wermgr.exe (PID: 5568)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 2100)
      • wermgr.exe (PID: 5568)
      • wermgr.exe (PID: 1752)
    • UPX packer has been detected

      • 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe (PID: 5592)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 4428)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:08:11 05:11:52+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 14.26
CodeSize: 105472
InitializedDataSize: 1661952
UninitializedDataSize: -
EntryPoint: 0x740b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.151.27
ProductVersionNumber: 1.3.151.27
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft Edge Update Setup
FileVersion: 1.3.151.27
InternalName: Microsoft Edge Update Setup
LegalCopyright: Copyright Microsoft Corporation
OriginalFileName: MicrosoftEdgeUpdateSetup.exe
ProductName: Microsoft Edge Update
ProductVersion: 1.3.151.27
UpstreamVersion: 1.3.99.0
LanguageId: en
No data.
Total processes
125
Monitored processes
6
Malicious processes
4
Suspicious processes
0

Behavior graph

start #SALITY 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe #SALITY microsoftedgeupdate.exe no specs microsoftedgeupdatesetup.exe microsoftedgeupdate.exe wermgr.exe wermgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1752
CMD: "C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "4428" "1580" "1412" "1584" "0" "0" "0" "0" "0" "0" "0" "0"
Path: C:\Windows\SysWOW64\wermgr.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
PID: 2100
CMD: "C:\Program Files (x86)\Microsoft\Temp\EU6881.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=true" /installelevated
Path: C:\Program Files (x86)\Microsoft\Temp\EU6881.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdateSetup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
2147747592
PID: 2432
CMD: "C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdateSetup.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=true" /installelevated /nomitag
Path: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdateSetup.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update Setup
Exit code:
2147747592
Version:
1.3.151.27
PID: 4428
CMD: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=true"
Path: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdate.exe
Parent process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
2147747592
Version:
1.3.151.27
PID: 5568
CMD: "C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "2100" "996" "728" "1000" "0" "0" "0" "0" "0" "0" "0" "0"
Path: C:\Windows\SysWOW64\wermgr.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
PID: 5592
CMD: "C:\Users\admin\Desktop\44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe"
Path: C:\Users\admin\Desktop\44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
2147747592
Version:
1.3.151.27
Total events
16 646
Read events
15 563
Write events
1 081
Delete events
2

Modification events

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: GlobalUserOffline
Value: 0

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a1_0
Value: 114302587

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a2_0
Value: 9674

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a3_0
Value: 17001001

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a4_0
Value: 0

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a1_1
Value:

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a2_1
Value:

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a3_1
Value:

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a4_1
Value:

(PID) Process: (5592) 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Tvidl
Operation: write
Name: a1_2
Value: 971390224
Executable files
303
Suspicious files
1
Text files
9
Unknown types
3

Dropped files

PID
Process
Filename
Type
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdateBroker.exe
Type: executable
MD5:C7264631AAF910880CF72E4AB7354B31
SHA256:98CD4D2C37384AF3DC8775B3E3CD046C8FDD1767A9A9B11F94FAF06022F7C588
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdateOnDemand.exe
Type: executable
MD5:2E304DE082EEB4FD974379FFCCE93111
SHA256:DF0E942108FB07827645CB8F3C8B7CB7BDE99F5A6613CC1B7F548FDE1FD46F68
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdateCore.exe
Type: executable
MD5:B6A524D1ABEB4868B67E780EA6C2E267
SHA256:113D781452EA8D2632D50A6C64C4B1728D8D158964C0EA99E6E0B23CC9861D89
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\psmachine.dll
Type: executable
MD5:B02FD944867F935648B4C63AC3AF340C
SHA256:2055EC023310DC7863871DF39D4F69C6C02B8EFB5B756401F73F5F398E414AD4
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\psuser.dll
Type: executable
MD5:AA64DF6BDFDE4269ED60B1549CAF78AE
SHA256:31B3C910AEAC22075AF48FFEFF27BB93B25184E36E1AABAEB00E0587DA1FC44E
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\msedgeupdateres_bn.dll
Type: executable
MD5:CEB156024E4C9B36BC3E217201FC2322
SHA256:FF10D60EC3FF0CD35CE090823BCB2FDD18C825D7EE6CE17655431739E219C17E
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\NOTICE.TXT
Type: text
MD5:6DD5BF0743F2366A0BDD37E302783BCD
SHA256:91D3FC490565DED7621FF5198960E501B6DB857D5DD45AF2FE7C3ECD141145F5
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\EdgeUpdate.dat
Type: hiv
MD5:369BBC37CFF290ADB8963DC5E518B9B8
SHA256:3D7EC761BEF1B1AF418B909F1C81CE577C769722957713FDAFBC8131B0A0C7D3
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Type: executable
MD5:9DB970FA6963695477E8A3691C5D9940
SHA256:D5D69FB701C077892A587F3ECBB1010EC0846F5046B05A653A7994154420C328
PID: 5592
Process: 44e287fe6a9916ed3d0f984a21ea33e3ab554f970a7d2fd32d82c286399d3c7b.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU6005.tmp\psmachine_arm64.dll
Type: executable
MD5:4A1BD1B969D3563EBA2587399AE7076F
SHA256:8865D01AAE67C2571E75DF968A2A2B47CF827920B259BEA9DF368513DC2B2ED5
HTTP(S) requests
4
TCP/UDP connections
20
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
440
svchost.exe
GET
200
184.24.77.37:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
304
13.107.42.16:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.151.27?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appVersion_edgeupdate=1.3.151.27&appUpdateCheckIsUpdateDisabled_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osPlatform=win&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=taggedmi&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.151.27
unknown
unknown
GET
304
13.107.42.16:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.151.27?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=0&appInstallTimeDiffSec_webview=0&appLastLaunchTime_webview=0&appUpdateCheckIsUpdateDisabled_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osPlatform=win&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=taggedmi&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.151.27
unknown
unknown
440
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted

Connections


DNS requests


Threats

No threats detected
No debug info