File name: 49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe

Full analysis: https://app.any.run/tasks/15a97611-f36c-4305-ad85-d6906a43da8c
Verdict: Malicious activity
Analysis date: November 24, 2024, 00:36:21
OS: Windows 11 Professional (build: 22000, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (console) x86-64, for MS Windows, 11 sections
MD5: B24A83C233C1779DE6C84AC023E091C3
SHA1: 1A00DBE47FA6CD9AA5A0564089BEF5654F1FD7BB
SHA256: 49F0CDB4CB8C7C0F2EA2A0F88F1802D8788D949AE7E3BE5BDA31B03A2BE9CB04
SSDEEP: 49152:9MShAFDIxmvgn45zxFfRruIlD1axAXZZk0W:9phAFDIxmvgn45zxFfRruIlD1wMZw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Runs injected code in another process

      • 49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe (PID: 3356)
    • Application was injected by another process

      • explorer.exe (PID: 2872)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • StartMenuExperienceHost.exe (PID: 1748)
    • The process creates files with name similar to system file names

      • WerFault.exe (PID: 3576)
    • Executes application which crashes

      • explorer.exe (PID: 2872)
    • Reads the Internet Settings

      • StartMenuExperienceHost.exe (PID: 1748)
    • Reads the date of Windows installation

      • StartMenuExperienceHost.exe (PID: 1748)
  • INFO

    • Checks supported languages

      • 49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe (PID: 3356)
      • StartMenuExperienceHost.exe (PID: 1748)
      • SearchHost.exe (PID: 3584)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 2872)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 3576)
      • SearchHost.exe (PID: 3584)
    • Reads the Internet Settings

      • explorer.exe (PID: 2872)
    • Checks proxy server information

      • explorer.exe (PID: 2872)
      • SearchHost.exe (PID: 3584)
    • Reads the computer name

      • StartMenuExperienceHost.exe (PID: 1748)
      • SearchHost.exe (PID: 3584)
    • Reads Environment values

      • SearchHost.exe (PID: 3584)
    • Reads product name

      • SearchHost.exe (PID: 3584)
    • Sends debugging messages

      • StartMenuExperienceHost.exe (PID: 1748)
    • Reads the software policy settings

      • SearchHost.exe (PID: 3584)
    • Reads the machine GUID from the registry

      • SearchHost.exe (PID: 3584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2021:10:21 12:49:34+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 880128
InitializedDataSize: 287232
UninitializedDataSize: -
EntryPoint: 0x671e3
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
No data.
All screenshots are available in the full report
Total processes: 130
Monitored processes: 7
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Processes in the graph (in start order): 49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe, conhost.exe, explorer.exe, werfault.exe, startmenuexperiencehost.exe, searchhost.exe, mobsync.exe

Process information

PID: 1748
CMD: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Parent process: svchost.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\windows\systemapps\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\startmenuexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wincorlib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel.appcore.dll
PID: 2872
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
Parent process: -
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1467
Version:
10.0.22000.184 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ondemandconnroutehelper.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winnsi.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3356
CMD: "C:\Users\admin\Desktop\49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe"
Path: C:\Users\admin\Desktop\49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3576
CMD: C:\Windows\system32\WerFault.exe -u -p 2872 -s 11272
Path: C:\Windows\System32\WerFault.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.22000.348 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 3584
CMD: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Version:
421.22500.3595.0
Modules
Images
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\searchhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\program files\windowsapps\microsoft.vclibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 4928
CMD: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: 49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 6060
CMD: C:\Windows\System32\mobsync.exe -Embedding
Path: C:\Windows\System32\mobsync.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Sync Center
Exit code:
0
Version:
10.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mobsync.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
Total events: 18 098
Read events: 18 038
Write events: 52
Delete events: 8

Modification events

Process: (2872) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A0278
Operation: write
Name: VirtualDesktop
Value:
10000000303044563DE394579C39C8419A9778CCF1854CD6
Process: (2872) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\Users\admin\Desktop\49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe.FriendlyAppName
Value:
49f0cdb4cb8c7c0f2ea2a0f88f1802d8788d949ae7e3be5bda31b03a2be9cb04.exe
Process: (2872) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation: write
Name: P:\Hfref\nqzva\Qrfxgbc\49s0pqo4po8p7p0s2rn2n0s88s1802q8788q949nr7r3or5oqn31o03n2or9po04.rkr
Value:
00000000000000000000000010000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
Process: (2872) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation: write
Name: HRZR_PGYFRFFVBA
Value:
000000003E02000054040000EF87F401A3000000AD00000075C447004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F00720065007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A3000000AD00000075C447004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F0072006500720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A3000000AD00000075C447004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F00720065007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: (2872) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Operation: write
Name: IconLayouts
Value:
Process: (2872) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Operation: write
Name: IconNameVersion
Value:
1
Process: (2872) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts
Operation: write
Name: LastUpdate
Value:
0D75426700000000
Process: (1748) StartMenuExperienceHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMode
Operation: write
Name: ActualStartMode
Value:
1
Process: (1748) StartMenuExperienceHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TileDataModel\Migration\StartNonLayoutProperties
Operation: write
Name: Completed
Value:
1
Process: (1748) StartMenuExperienceHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TileDataModel\Migration\StartNonLayoutProperties_AppUsageData
Operation: write
Name: Completed
Value:
1
Executable files: 0
Suspicious files: 7
Text files: 39
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3576 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_6fb87b0b0ead9ddc48b4e22bb1985ea54d289_8696b2a5_193f3992-c5be-4739-96b7-a132cc95b445\Report.wer | -
MD5:
SHA256:
3576 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\explorer.exe.2872.dmp | -
MD5:
SHA256:
3576 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WER.1b68dcad-d07b-4b79-a14b-ad52bbb80418.tmp.dmp | binary
MD5:4E75CA6BE26D3DE954695726EBA19A9F
SHA256:80C9D4E842B27EE7B1607BF809B41205B7E0AF5BDD78BD79B6C29C63D9DE7960
3584 | SearchHost.exe | C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\XHPANG5P\www.bing[1].xml | text
MD5:C7F8113735F607156983472B4FF04789
SHA256:EC4E57D0FE166DD2D04007DB92B2F39163657BA4D69A7AE5ABA46189A54C1A1B
3584 | SearchHost.exe | C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres | binary
MD5:C6FAF834896C23F28D5717B4F476F222
SHA256:0CBF40994D688C08CE21A667D5256198D6B866EB92BC86296706EEA0CAC452C9
2872 | explorer.exe | C:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat | binary
MD5:84418143D4EA6C829486C2E0B588D9BB
SHA256:94941FD0417BF809EADC4CDA6234B1C07E8AA8403D2E264858A2747CFBFF02E3
3584 | SearchHost.exe | C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\15B0F0BE-6FF9-426A-8305-8E189D0B3C24\Zrtu2hQ08VU_1.metadata | binary
MD5:A1FA991C989085AE546E27C3A4B55406
SHA256:C412F7A9EAAB5FB8AB87DF9FA55B02B06B0C1C7F3F83487911EE40BAA9C424D8
3584 | SearchHost.exe | C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\ServiceWorkerFiles\15B0F0BE-6FF9-426A-8305-8E189D0B3C24\Zrtu2hQ08VU_1.bytecode | binary
MD5:BD19ACCB09CB43B98ADF2427774BB468
SHA256:3EC4EE59DB2459B05B903D6FDF102F1901795198A2C6CD2AC709E0D199B098B6
3584 | SearchHost.exe | C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\I617O04F\th[1].svg | image
MD5:4BE095ACDC5BD77A6D15BA8EF6B04789
SHA256:86BF68885DC7514AC49F005A7A59DBD7A4EA396993DC1C74B49F5693B90C80CA
3584 | SearchHost.exe | C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\SQPVT95J\th[2].svg | image
MD5:0818164E5EDC25BBF6109B1477E1C5F0
SHA256:369FB433D6ABAB70CDBFAF7C8A3856C8B9CBA7B1C2E097CBAA455379DFDC39DD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 71
TCP/UDP connections: 48
DNS requests: 35
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2872 | explorer.exe | GET | - | 167.179.116.121:80 | http://167.179.116.121/uBaE | unknown | - | - | unknown
1296 | svchost.exe | GET | 200 | 23.55.161.193:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | - | - | whitelisted
2996 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | - | - | whitelisted
2996 | firefox.exe | POST | 200 | 2.18.121.71:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
2996 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | - | - | whitelisted
1508 | MoUsoCoreWorker.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b1dbd20b2a84d8ed | unknown | - | - | whitelisted
2996 | firefox.exe | POST | 200 | 2.18.121.78:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
- | - | HEAD | 200 | 23.218.208.109:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | - | - | -
2996 | firefox.exe | POST | 200 | 2.18.121.78:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
- | - | GET | 200 | 34.160.144.191:443 | https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-12-27-18-19-47.chain | unknown | text | 5.22 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4088 | rundll32.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3432 | OfficeC2RClient.exe | 52.109.32.97:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | GB | whitelisted
2996 | firefox.exe | 34.149.100.209:443 | firefox.settings.services.mozilla.com | GOOGLE | US | whitelisted
2996 | firefox.exe | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted
1296 | svchost.exe | 23.55.161.193:80 | - | Akamai International B.V. | DE | unknown
5552 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2872 | explorer.exe | 167.179.116.121:80 | - | AS-CHOOPA | JP | unknown
1508 | MoUsoCoreWorker.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1508 | MoUsoCoreWorker.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | whitelisted

DNS requests

Domain
IP
Reputation
officeclient.microsoft.com
  • 52.109.32.97
whitelisted
incoming.telemetry.mozilla.org
  • 34.120.208.123
whitelisted
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted
telemetry-incoming.r53-2.services.mozilla.com
  • 34.120.208.123
whitelisted
prod.remote-settings.prod.webservices.mozgcp.net
  • 34.149.100.209
whitelisted
google.com
  • 142.250.181.238
whitelisted
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
  • 84.201.210.19
  • 84.201.210.37
  • 217.20.57.24
  • 84.201.210.21
  • 217.20.57.22
  • 84.201.210.34
  • 217.20.57.23
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
fp2e7a.wpc.phicdn.net
  • 192.229.221.95
  • 2606:2800:233:fa02:67b:9ff6:6107:833
whitelisted
r10.o.lencr.org
  • 2.18.121.78
  • 2.18.121.71
whitelisted

Threats

PID | Process | Class | Message
1296 | svchost.exe | Misc activity | ET INFO Microsoft Connection Test
No debug info