File name: DeskRest_n.exe
Full analysis: https://app.any.run/tasks/2db18a62-f82e-4680-954b-2ce45b4cb025
Verdict: Malicious activity
Analysis date: March 12, 2026, 15:42:51
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: evasion, inno, installer, delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 35956356B20F6D37C4FDCAF0D75804F0
SHA1: 18CFD77094A85BA4DD930CDCFC36FD0CBC01C446
SHA256: 51312177A9C81AE610E7B73A8D3330C54C130BAF901516351D250357D0C3FF6D
SSDEEP: 98304:Frq3Bdwx+32mWzRHqk/QXBT1w4Al0k//MB4yxldKERVaQeG5AOpCnz4o/RC+pbuJ:OYbHjiVw0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for user acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • DeskRest.exe (PID: 1868)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • DeskRest_n.tmp (PID: 8912)
    • Executable content was dropped or overwritten

      • DeskRest_n.exe (PID: 9208)
      • DeskRest_n.tmp (PID: 8912)
    • Checks for external IP

      • svchost.exe (PID: 2292)
      • DeskRest_n.tmp (PID: 8912)
      • DeskRest.exe (PID: 1868)
    • Reads Microsoft Outlook installation path

      • DeskRest.exe (PID: 1868)
    • Reads Internet Explorer settings

      • DeskRest.exe (PID: 1868)
  • INFO

    • Checks supported languages

      • DeskRest_n.exe (PID: 9208)
      • DeskRest_n.tmp (PID: 8912)
      • DeskRest.exe (PID: 1868)
      • DeskRest.exe (PID: 768)
      • DeskRest.exe (PID: 3976)
    • Reads Environment values

      • DeskRest_n.exe (PID: 9208)
      • DeskRest_n.tmp (PID: 8912)
    • Reads the computer name

      • DeskRest_n.tmp (PID: 8912)
      • DeskRest.exe (PID: 1868)
      • DeskRest.exe (PID: 768)
      • DeskRest.exe (PID: 3976)
    • Create files in a temporary directory

      • DeskRest_n.exe (PID: 9208)
      • DeskRest_n.tmp (PID: 8912)
    • The sample compiled with english language support

      • DeskRest_n.tmp (PID: 8912)
    • Detects InnoSetup installer (YARA)

      • DeskRest_n.exe (PID: 9208)
      • DeskRest_n.tmp (PID: 8912)
    • Compiled with Borland Delphi (YARA)

      • DeskRest_n.exe (PID: 9208)
      • DeskRest_n.tmp (PID: 8912)
    • Creates a software uninstall entry

      • DeskRest_n.tmp (PID: 8912)
    • Creates files or folders in the user directory

      • DeskRest_n.tmp (PID: 8912)
      • DeskRest.exe (PID: 1868)
    • There is functionality for taking screenshot (YARA)

      • DeskRest_n.tmp (PID: 8912)
    • Disables trace logs

      • DeskRest.exe (PID: 1868)
      • DeskRest.exe (PID: 768)
      • DeskRest.exe (PID: 3976)
    • Reads the machine GUID from the registry

      • DeskRest.exe (PID: 1868)
      • DeskRest.exe (PID: 768)
      • DeskRest.exe (PID: 3976)
    • Creates files in the program directory

      • DeskRest.exe (PID: 1868)
    • Reads security settings of Internet Explorer

      • DeskRest.exe (PID: 1868)
      • DeskRest.exe (PID: 768)
      • DeskRest.exe (PID: 3976)
    • Manual execution by a user

      • DeskRest.exe (PID: 768)
      • DeskRest.exe (PID: 3976)
    • Launching a file from a Registry key

      • DeskRest.exe (PID: 1868)
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:10 14:47:11+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 685056
InitializedDataSize: 203776
UninitializedDataSize: -
EntryPoint: 0xa83bc
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.2.1
ProductVersionNumber: 1.0.2.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: AppSalt
FileDescription: DeskRest installer
FileVersion: 1.0.2.1
LegalCopyright: © AppSalt
OriginalFileName: DeskRest.exe
ProductName: DeskRest
ProductVersion: 1.0.2.1
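The hashes in the header and the header fields in the EXIF block above are the first things an analyst re-checks on a local copy of a sample. The block below is an added example (not part of the ANY.RUN report and not DeskRest or AppSalt code): it compares a file against the three reported hashes and reads the COFF and optional-header fields that EXIF renders (machine, section count, timestamp, characteristics, PE type, linker version, entry point) with only the standard library. `build_stub_pe` constructs a minimal header that mirrors the reported values so the code runs offline; it is not the analysed sample, and its hashes will not match the report.

```python
"""Added example: verify a local file against the report's hashes and parse the
PE header fields the EXIF block lists, without third-party modules."""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the report header; compared case-insensitively.
REPORT_HASHES = {
    "md5": "35956356B20F6D37C4FDCAF0D75804F0",
    "sha1": "18CFD77094A85BA4DD930CDCFC36FD0CBC01C446",
    "sha256": "51312177A9C81AE610E7B73A8D3330C54C130BAF901516351D250357D0C3FF6D",
}

# IMAGE_FILE_* bits that EXIF renders as "No relocs, Executable, 32-bit".
CHARACTERISTICS = {0x0001: "No relocs", 0x0002: "Executable", 0x0100: "32-bit"}
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD64"}


def file_hashes(data: bytes) -> dict:
    """Lowercase md5/sha1/sha256 of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, iocs: dict = REPORT_HASHES) -> dict:
    """{algorithm: True/False} for each IOC hash against the data."""
    computed = file_hashes(data)
    return {alg: computed[alg] == value.lower() for alg, value in iocs.items()}


def parse_pe_header(data: bytes) -> dict:
    """Follow e_lfanew to the PE signature, then read the COFF file header and the
    first 20 bytes of the optional header (magic, linker version, sizes, entry point)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsections, timestamp, _symtab, _nsyms, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    # Optional header starts right after the 4-byte signature + 20-byte COFF header.
    magic, lnk_major, lnk_minor, code_size, init_size, _uninit, entry = struct.unpack_from(
        "<HBBIIII", data, e_lfanew + 24)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "characteristics": [name for bit, name in CHARACTERISTICS.items() if chars & bit],
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "linker": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "init_data_size": init_size,
        "entry_point": entry,
    }


def build_stub_pe() -> bytes:
    """CONSTRUCTED minimal PE carrying the header values the EXIF block reports
    (i386, 10 sections, 2024-06-10 14:47:11 UTC, 0x0103, PE32, linker 2.25,
    entry 0xa83bc). It is not the analysed sample; it only lets the parser run."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 10, 1718030831, 0, 0, 224, 0x0103)
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, 685056, 203776, 0, 0xA83BC)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_stub_pe()
    print(matches_report(blob))
    print(parse_pe_header(blob))
```

Run it with the path of a suspected copy as the first argument; with no argument it parses the constructed stub. A timestamp that disagrees with the report, or a hash that matches on MD5 but not SHA256, is worth a second look before any blocklist entry is made from this page.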
Total processes: 156
Monitored processes: 7
Malicious processes: 0
Suspicious processes: 3

Behavior graph

(Interactive graph, available in the full report. Nodes: start, deskrest_n.exe, deskrest_n.tmp, svchost.exe, deskrest.exe, deskrest.exe, deskrest.exe, slui.exe; "no specs" marks processes with no signatures. Parent/child links are listed per process under Process information.)

Process information

PID: 768
CMD: "C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe"
Path: C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe
Parent process: explorer.exe
User: admin
Company: AppSalt
Integrity Level: MEDIUM
Description: Desk Rest
Exit code: 0
Version: 1.0.2.1
Modules (images):
c:\users\admin\appdata\local\programs\deskrest\deskrest.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 1520
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 1868
CMD: "C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe"
Path: C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe
Parent process: DeskRest_n.tmp
User: admin
Company: AppSalt
Integrity Level: MEDIUM
Description: Desk Rest
Version: 1.0.2.1
Modules (images):
c:\users\admin\appdata\local\programs\deskrest\deskrest.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 2292
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll

PID: 3976
CMD: "C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe"
Path: C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe
Parent process: explorer.exe
User: admin
Company: AppSalt
Integrity Level: MEDIUM
Description: Desk Rest
Exit code: 0
Version: 1.0.2.1
Modules (images):
c:\users\admin\appdata\local\programs\deskrest\deskrest.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll

PID: 8912
CMD: "C:\Users\admin\AppData\Local\Temp\is-7SIVP.tmp\DeskRest_n.tmp" /SL5="$16020A,5342404,889856,C:\Users\admin\AppData\Local\Temp\DeskRest_n.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-7SIVP.tmp\DeskRest_n.tmp
Parent process: DeskRest_n.exe
User: admin
Company: AppSalt
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-7sivp.tmp\deskrest_n.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll

PID: 9208
CMD: "C:\Users\admin\AppData\Local\Temp\DeskRest_n.exe"
Path: C:\Users\admin\AppData\Local\Temp\DeskRest_n.exe
Parent process: explorer.exe
User: admin
Company: AppSalt
Integrity Level: MEDIUM
Description: DeskRest installer
Exit code: 0
Version: 1.0.2.1
Modules (images):
c:\users\admin\appdata\local\temp\deskrest_n.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
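The chain DeskRest_n.exe (9208) → %TEMP%\is-7SIVP.tmp\DeskRest_n.tmp (8912) → DeskRest.exe (1868) is how every Inno Setup installer runs: the stub unpacks a second-stage executable into an `is-XXXXX.tmp` directory and hands it a `/SL5` argument, which is why 8912's description reads "Setup/Uninstall" rather than the product name. The `/SL5` string is the useful part for triage, because its last field names the installer that spawned the .tmp. The block below is an added example (not from the report or from AppSalt) that parses that argument from a process command line and checks the staging-path pattern; the command line it parses is copied from PID 8912 above. The field meanings follow what the Inno Setup source calls the loader window handle, setup-0 offset, setup-1 offset and original filename; treat the offset labels as this example's reading of the format, not as something the report states.

```python
"""Added example: pull the Inno Setup loader (/SL5) arguments out of a command
line and tie the staged .tmp child back to the installer that launched it."""
import re
from dataclasses import dataclass
from typing import Optional

# Command line of PID 8912, exactly as the report shows it.
REPORT_CMDLINE = (
    r'"C:\Users\admin\AppData\Local\Temp\is-7SIVP.tmp\DeskRest_n.tmp" '
    r'/SL5="$16020A,5342404,889856,C:\Users\admin\AppData\Local\Temp\DeskRest_n.exe"'
)

# /SL5="$<hex window handle>,<offset0>,<offset1>,<path of the loader exe>"
SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')
# Inno Setup unpacks its second stage to <dir>\is-XXXXX.tmp\<name>.tmp (5 alphanumerics).
INNO_STAGE_RE = re.compile(r'\\is-[A-Z0-9]{5}\.tmp\\[^\\]+\.tmp$', re.IGNORECASE)


@dataclass
class Sl5Args:
    loader_hwnd: int     # window handle of the SetupLdr stub (hex after the "$")
    offset0: int         # offset of the setup-0 (header) block inside the loader exe
    offset1: int         # offset of the setup-1 (file data) block
    original_exe: str    # path of the installer that launched this second stage


def parse_sl5(cmdline: str) -> Optional[Sl5Args]:
    """Return the parsed /SL5 fields, or None if the command line has no /SL5."""
    m = SL5_RE.search(cmdline)
    if not m:
        return None
    return Sl5Args(int(m.group(1), 16), int(m.group(2)), int(m.group(3)), m.group(4))


def image_path(cmdline: str) -> str:
    """First token of a command line with surrounding quotes stripped."""
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def is_inno_stage(path: str) -> bool:
    """True when the image sits in Inno's is-XXXXX.tmp staging directory."""
    return INNO_STAGE_RE.search(path) is not None


def triage(cmdline: str) -> dict:
    """What an analyst wants from a second-stage command line: the staged image,
    whether it looks like Inno's stage, and which installer to pivot to."""
    exe = image_path(cmdline)
    args = parse_sl5(cmdline)
    return {
        "image": exe,
        "is_inno_stage": is_inno_stage(exe),
        "has_sl5": args is not None,
        "installer": args.original_exe if args else None,
    }


if __name__ == "__main__":
    print(triage(REPORT_CMDLINE))
```

The installer path recovered this way is the file whose hashes appear in the report header; the .tmp itself (hash AA4F1DA7…/45233256…) is the Inno second stage, and it is the same binary that is later written as unins000.exe. None of this chain is evidence of malice by itself; the verdict rests on what the stage drops and on DeskRest.exe's own behaviour.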
Total events: 17 831
Read events: 17 786
Write events: 45
Delete events: 0

Modification events

PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Owner = D0220000C3E450E636B2DC01
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | SessionHash = 6C4E9DD8364EE05062A41A6317FA02D21B62B34B3C572F08D0D75BC3F83EF2F8
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Sequence = 1
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Hgsdk\CurrentVersion | B7F0E3FA-E812-4CE3-A5EA-174B209C1C22 = c02278aa-fc7e-4d76-b813-8add9569ba6b
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\DeskRest | version = 1.0.2.1
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2D32CA0-EE2E-448F-AA7B-4E42C2DEA320}_is1 | Inno Setup: Setup Version = 6.3.1
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2D32CA0-EE2E-448F-AA7B-4E42C2DEA320}_is1 | Inno Setup: App Path = C:\Users\admin\AppData\Local\Programs\DeskRest
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2D32CA0-EE2E-448F-AA7B-4E42C2DEA320}_is1 | InstallLocation = C:\Users\admin\AppData\Local\Programs\DeskRest\
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2D32CA0-EE2E-448F-AA7B-4E42C2DEA320}_is1 | Inno Setup: Icon Group = DeskRest
PID 8912 DeskRest_n.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2D32CA0-EE2E-448F-AA7B-4E42C2DEA320}_is1 | Inno Setup: User = admin
Executable files: 45
Suspicious files: 23
Text files: 23
Unknown types: 0

Dropped files

PID 9208 DeskRest_n.exe | C:\Users\admin\AppData\Local\Temp\is-7SIVP.tmp\DeskRest_n.tmp | executable
  MD5: AA4F1DA70152050AAC01142E3BBA0BBC | SHA256: 45233256F663E772928033F10EC28B6FD8863A4CA1B0C97005D29AA274BF1910
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Temp\is-03H9D.tmp\_isetup\_setup64.tmp | executable
  MD5: E4211D6D009757C078A9FAC7FF4F03D4 | SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Temp\is-03H9D.tmp\hgsdk.dll | executable
  MD5: 0616F27F116B73472CEA900EF8DF68AB | SHA256: C714754C5B3A91E2AE19016526F80049E1D550CE6298480786FED52126E7BFB6
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Programs\DeskRest\is-J7AVD.tmp | executable
  MD5: AA4F1DA70152050AAC01142E3BBA0BBC | SHA256: 45233256F663E772928033F10EC28B6FD8863A4CA1B0C97005D29AA274BF1910
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Programs\DeskRest\is-BHHNL.tmp | executable
  MD5: 1516B639CB76FEDBE8A18004C5D35ECF | SHA256: 97C2E94FFA2A46A7976CEDDC92A7C824E74AF3461D7D03F74893F6E96B4A722E
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe | executable
  MD5: 1516B639CB76FEDBE8A18004C5D35ECF | SHA256: 97C2E94FFA2A46A7976CEDDC92A7C824E74AF3461D7D03F74893F6E96B4A722E
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Programs\DeskRest\is-LAR47.tmp | xml
  MD5: 0A287FC10035D2397B7077D3BFC719E2 | SHA256: D86ED907EA630197E02CF86F0B4C509A1DDCD4E08A0E44B9879D1766F3B74B07
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Programs\DeskRest\hgsdk.dll | executable
  MD5: 0616F27F116B73472CEA900EF8DF68AB | SHA256: C714754C5B3A91E2AE19016526F80049E1D550CE6298480786FED52126E7BFB6
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Programs\DeskRest\unins000.exe | executable
  MD5: AA4F1DA70152050AAC01142E3BBA0BBC | SHA256: 45233256F663E772928033F10EC28B6FD8863A4CA1B0C97005D29AA274BF1910
PID 8912 DeskRest_n.tmp | C:\Users\admin\AppData\Local\Programs\DeskRest\Hardcodet.NotifyIcon.Wpf.dll | executable
  MD5: 4428D7F25EC3B9EA766BE31D634B92F0 | SHA256: C6F5A071A273706A834BFB0F499B4A76E5247297E94C0DF6CE8217BB074F3329
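Several of the ten rows are the same bytes under different names: Inno Setup writes each file as `is-XXXXX.tmp` in the target directory and then renames it, so is-J7AVD.tmp and unins000.exe share a hash (and both equal the second-stage DeskRest_n.tmp, which Inno reuses as the uninstaller), and is-BHHNL.tmp is DeskRest.exe. Copying all ten hashes into a blocklist would therefore add nothing but noise. The block below is an added example (not part of the report) that collapses the table to unique binaries and recovers the stage-to-final renames from the hashes and directories; the rows are copied from the table above (MD5 omitted for brevity).

```python
"""Added example: reduce the dropped-file table to unique binaries and recover
Inno Setup's stage-then-rename pairs from matching hashes."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# (pid, process, path, type, sha256) copied from the Dropped files table.
DROPPED = [
    (9208, "DeskRest_n.exe", r"C:\Users\admin\AppData\Local\Temp\is-7SIVP.tmp\DeskRest_n.tmp", "executable",
     "45233256F663E772928033F10EC28B6FD8863A4CA1B0C97005D29AA274BF1910"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Temp\is-03H9D.tmp\_isetup\_setup64.tmp", "executable",
     "388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Temp\is-03H9D.tmp\hgsdk.dll", "executable",
     "C714754C5B3A91E2AE19016526F80049E1D550CE6298480786FED52126E7BFB6"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Programs\DeskRest\is-J7AVD.tmp", "executable",
     "45233256F663E772928033F10EC28B6FD8863A4CA1B0C97005D29AA274BF1910"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Programs\DeskRest\is-BHHNL.tmp", "executable",
     "97C2E94FFA2A46A7976CEDDC92A7C824E74AF3461D7D03F74893F6E96B4A722E"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Programs\DeskRest\DeskRest.exe", "executable",
     "97C2E94FFA2A46A7976CEDDC92A7C824E74AF3461D7D03F74893F6E96B4A722E"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Programs\DeskRest\is-LAR47.tmp", "xml",
     "D86ED907EA630197E02CF86F0B4C509A1DDCD4E08A0E44B9879D1766F3B74B07"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Programs\DeskRest\hgsdk.dll", "executable",
     "C714754C5B3A91E2AE19016526F80049E1D550CE6298480786FED52126E7BFB6"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Programs\DeskRest\unins000.exe", "executable",
     "45233256F663E772928033F10EC28B6FD8863A4CA1B0C97005D29AA274BF1910"),
    (8912, "DeskRest_n.tmp", r"C:\Users\admin\AppData\Local\Programs\DeskRest\Hardcodet.NotifyIcon.Wpf.dll", "executable",
     "C6F5A071A273706A834BFB0F499B4A76E5247297E94C0DF6CE8217BB074F3329"),
]

# Inno's temporary name for a file it is about to rename into place.
STAGE_NAME = re.compile(r"^is-[A-Z0-9]{5}\.tmp$", re.IGNORECASE)


def unique_by_sha256(rows) -> dict:
    """{sha256: [paths]} in table order."""
    groups = defaultdict(list)
    for _pid, _proc, path, _ftype, sha256 in rows:
        groups[sha256.upper()].append(path)
    return dict(groups)


def staged_pairs(rows) -> dict:
    """Map each is-XXXXX.tmp to the non-staging file with the same hash in the
    same directory, i.e. the name it was renamed to."""
    pairs = {}
    for paths in unique_by_sha256(rows).values():
        for p in paths:
            pp = PureWindowsPath(p)
            if not STAGE_NAME.match(pp.name):
                continue
            finals = [q for q in paths
                      if PureWindowsPath(q).parent == pp.parent
                      and not STAGE_NAME.match(PureWindowsPath(q).name)]
            if finals:
                pairs[p] = finals[0]
    return pairs


def blocklist(rows, file_type="executable") -> list:
    """Sorted unique SHA256 values for rows of the given type."""
    return sorted({sha.upper() for _pid, _proc, _path, ftype, sha in rows if ftype == file_type})


if __name__ == "__main__":
    for stage, final in staged_pairs(DROPPED).items():
        print(f"{stage} -> {final}")
    print(len(blocklist(DROPPED)), "unique executables")
```

Five unique executables remain: the Inno second stage/uninstaller, Inno's `_setup64.tmp` helper, hgsdk.dll, DeskRest.exe and the Hardcodet.NotifyIcon.Wpf.dll tray-icon library. The first two belong to the installer framework and appear in any Inno 6.3.1 package, so only the last three are sample-specific.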
HTTP(S) requests: 121
TCP/UDP connections: 54
DNS requests: 34
Threats: 13

HTTP requests

The requests shown here all come from Windows processes (PIDs 356, 5180 and 6768 are not among the seven monitored sample processes): OneSettings telemetry, Microsoft account device registration, OCSP and CRL fetches. The sample's own traffic to ipinfo.io is TLS and is visible only in the Connections and Threats sections below.

6768 MoUsoCoreWorker.exe | GET 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop | CN: US | whitelisted
356 svchost.exe | POST 400 | 40.126.31.129:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | CN: US | text, 203 b | whitelisted (four identical requests)
356 svchost.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | CN: US | binary, 471 b | whitelisted
5180 svchost.exe | GET 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | CN: US | whitelisted
5180 svchost.exe | GET 200 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=0&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | CN: US | text, 5.74 Kb | whitelisted
5180 svchost.exe | GET 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: NL | binary, 825 b | whitelisted
5180 svchost.exe | GET 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: US | binary, 814 b | whitelisted

Connections

4 System | 192.168.100.255:137 | Not routed | whitelisted
9080 RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | whitelisted
5180 svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | whitelisted
6768 MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | whitelisted
5568 SearchApp.exe | 92.123.104.39:443 | www.bing.com | AKAMAI-ASN1 | CN: NL | whitelisted
(PID/process not shown) | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | CN: US | whitelisted
(PID/process not shown) | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | whitelisted
(PID/process not shown) | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | whitelisted
8912 DeskRest_n.tmp | 34.117.59.81:443 | ipinfo.io | GOOGLE-CLOUD-PLATFORM | CN: US | whitelisted
4 System | 192.168.100.255:138 | Not routed | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 51.124.78.146
whitelisted
self.events.data.microsoft.com
  • 52.182.141.63
whitelisted
google.com
  • 142.251.143.110
whitelisted
www.bing.com
  • 92.123.104.39
  • 92.123.104.45
  • 92.123.104.29
  • 92.123.104.34
  • 92.123.104.35
  • 92.123.104.33
  • 92.123.104.30
  • 92.123.104.31
  • 92.123.104.46
  • 92.123.104.37
  • 92.123.104.41
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
ipinfo.io
  • 34.117.59.81
whitelisted
analytics.appsalt.com
  • 104.26.8.75
  • 104.26.9.75
  • 172.67.69.130
unknown
login.live.com
  • 40.126.31.129
  • 20.190.159.73
  • 40.126.31.71
  • 40.126.31.131
  • 40.126.31.69
  • 20.190.159.130
  • 20.190.159.71
  • 40.126.31.67
whitelisted

Threats

8912 DeskRest_n.tmp | Device Retrieving External IP Address Detected | ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
8912 DeskRest_n.tmp | Device Retrieving External IP Address Detected | ET INFO External IP Lookup SSL Cert Observed (ipinfo .io)
2292 svchost.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
8912 DeskRest_n.tmp | Device Retrieving External IP Address Detected | ET INFO External IP Lookup ipinfo.io
6768 MoUsoCoreWorker.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
1868 DeskRest.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup SSL Cert Observed (ipinfo .io)
1868 DeskRest.exe | Device Retrieving External IP Address Detected | ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
2292 svchost.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
1868 DeskRest.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup ipinfo.io
2292 svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
Process | Message
DeskRest.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation. (6 identical messages)