File name: Kontakt_Button.exe

Full analysis: https://app.any.run/tasks/b03a02ef-5f50-447a-b747-adddad6400f5
Verdict: Malicious activity
Analysis date: March 07, 2025, 14:06:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx, delphi
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
MD5: 13727F2FED46FCC470C680E7DAA19D73
SHA1: 3E0E0BB0F53EA0AF8B4860B69C368A5F01F0C453
SHA256: 56769BB068F941B8F14516614E9F2B866EB1B182F47FE613F2596D6746AC2A12
SSDEEP: 98304:lWq9K7zpN+Vj3bPjOlrwf4+18Rka8FIwcAbcrCgMw38FZ5L5txL4P8F8vvYzYFpx:H3GXGHsEi2HZsMzffrMUSwtmnnR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • R2RKTMGR.exe (PID: 7172)
      • R2RKTMGR.exe (PID: 2392)
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • Kontakt_Button.exe (PID: 904)
    • Executable content was dropped or overwritten

      • Kontakt_Button.exe (PID: 904)
      • Kontakt_button.exe (PID: 896)
      • Add Library.exe (PID: 7800)
    • Reads security settings of Internet Explorer

      • Kontakt_Button.exe (PID: 904)
      • Kontakt_button.exe (PID: 896)
    • Drops 7-zip archiver for unpacking

      • Kontakt_Button.exe (PID: 904)
    • The process creates files with name similar to system file names

      • Kontakt_Button.exe (PID: 904)
    • Reads the date of Windows installation

      • Kontakt_Button.exe (PID: 904)
    • Reads Microsoft Outlook installation path

      • Kontakt_button.exe (PID: 896)
    • Reads Internet Explorer settings

      • Kontakt_button.exe (PID: 896)
    • There is functionality for taking screenshot (YARA)

      • Kontakt_Button.exe (PID: 904)
      • Kontakt_button.exe (PID: 896)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 7180)
    • Starts CMD.EXE for commands execution

      • Kontakt_button.exe (PID: 896)
    • Executing commands from a ".bat" file

      • Kontakt_button.exe (PID: 896)
  • INFO

    • Create files in a temporary directory

      • Kontakt_Button.exe (PID: 904)
      • Kontakt_button.exe (PID: 896)
      • Add Library.exe (PID: 7800)
      • Add Library.exe (PID: 7820)
    • Reads the computer name

      • Kontakt_Button.exe (PID: 904)
      • Kontakt_button.exe (PID: 896)
    • The sample compiled with english language support

      • Kontakt_Button.exe (PID: 904)
      • Kontakt_button.exe (PID: 896)
    • The sample compiled with german language support

      • Kontakt_Button.exe (PID: 904)
    • Checks supported languages

      • Kontakt_button.exe (PID: 896)
      • Kontakt_Button.exe (PID: 904)
    • Process checks computer location settings

      • Kontakt_Button.exe (PID: 904)
    • Checks proxy server information

      • Kontakt_button.exe (PID: 896)
    • Creates files or folders in the user directory

      • Kontakt_button.exe (PID: 896)
      • BackgroundTransferHost.exe (PID: 7724)
    • The sample compiled with russian language support

      • Add Library.exe (PID: 7800)
    • Compiled with Borland Delphi (YARA)

      • Kontakt_button.exe (PID: 896)
    • UPX packer has been detected

      • Kontakt_button.exe (PID: 896)
    • Manual execution by a user

      • R2RKTMGR.exe (PID: 7172)
      • R2RKTMGR.exe (PID: 2392)
      • cmd.exe (PID: 7180)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2021:06:11 09:16:51+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14
CodeSize: 223744
InitializedDataSize: 115200
UninitializedDataSize: -
EntryPoint: 0x24b40
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 7.0.0.0
ProductVersionNumber: 7.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: Kontakt Library Tools 7.0.0
CompanyName: Native Instruments
FileDescription: Kontakt Library Tools
FileVersion: 7.0.0.0
LegalCopyright: Bob Dule
ProductName: Kontakt Library Tools 7
ProductVersion: 7
No data.
Total processes: 161
Monitored processes: 26
Malicious processes: 2
Suspicious processes: 2

Behavior graph

start kontakt_button.exe kontakt_button.exe sppextcomobj.exe no specs slui.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe add library.exe add library.exe no specs add library.exe no specs add library.exe no specs backgroundtransferhost.exe no specs add library.exe add library.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs cmd.exe no specs conhost.exe no specs reg.exe no specs kontaktliborganizer.exe no specs rundll32.exe no specs r2rktmgr.exe no specs r2rktmgr.exe cmd.exe no specs conhost.exe no specs reg.exe no specs reg.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 896
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\Kontakt_Button.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\Kontakt_button.exe
Parent process: Kontakt_Button.exe
User: admin
Company: Native Instruments
Integrity Level: MEDIUM
Description: Kontakt Debrider
Version: 1.0.0.1
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\kontakt_button.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 904
CMD: "C:\Users\admin\AppData\Local\Temp\Kontakt_Button.exe"
Path: C:\Users\admin\AppData\Local\Temp\Kontakt_Button.exe
Parent process: explorer.exe
User: admin
Company: Native Instruments
Integrity Level: MEDIUM
Description: Kontakt Library Tools
Version: 7.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\kontakt_button.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.3996_none_91a79472cc852ba0\gdiplus.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll

PID: 2392
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\KTMGR\R2RKTMGR.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\KTMGR\R2RKTMGR.exe
Parent process: explorer.exe
User: admin
Company: TEAM R2R
Integrity Level: HIGH
Description: TEAM R2R Kontakt Manager
Exit code: 1
Version: 1.1.5.1
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\data\ktmgr\r2rktmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 3140
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 4000
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll

PID: 5608
CMD: reg add "HKEY_CURRENT_USER\SOFTWARE\TEAM R2R\R2RKTMGR" /v "EnableFactoryLibrary2HotFix" /t REG_DWORD /d "1" /f
Path: C:\Windows\System32\reg.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Registry Console Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll

PID: 6872
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

PID: 7036
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll

PID: 7172
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\KTMGR\R2RKTMGR.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\KTMGR\R2RKTMGR.exe
Parent process: explorer.exe
User: admin
Company: TEAM R2R
Integrity Level: MEDIUM
Description: TEAM R2R Kontakt Manager
Exit code: 3221226540
Version: 1.1.5.1
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\data\ktmgr\r2rktmgr.exe
c:\windows\system32\ntdll.dll

PID: 7180
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\KTMGR\License OFF.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll

Total events: 5 480
Read events: 5 460
Write events: 20
Delete events: 0

Modification events

(PID) Process: (896) Kontakt_button.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (896) Kontakt_button.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (896) Kontakt_button.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7496) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7496) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7496) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (8060) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (8060) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (8060) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7724) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:

Executable files: 57
Suspicious files: 12
Text files: 33
Unknown types: 0

Dropped files

PID | Process | Filename | Type

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\Native Access.cmd | text
MD5: ADB15CD976D5F5CCEE9AADE5944BAD62
SHA256: A0A01764C944C3CE9D01A17CDF0E1A5AB9F625C798E91FF8062262C440AC80E3

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\Nicnt Maker\Nicnt Maker.exe | executable
MD5: A91146F968309552C2ABEA48EA0DD7CF
SHA256: 58ADCCEE4172191838DD38398D73B0C024AD47E36D48057DB376D3E445A87C9C

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\KontaktLibOrganizer.exe | executable
MD5: 02AF6843BAE1B664C1CB0D05E0144A63
SHA256: A62D2B0230C67922D15E738F769ACAA3A980D080C671E5D42A84628735F54C9B

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\parser\Jsort.bat | binary
MD5: 335E6E5897DC39D02C75EEBA68CF6251
SHA256: 4700A43EA1A532595CE0A4BCD91D72239A9EDAFADFD87FDD3D4995945D45CD90

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\parser\Native_Access_Parser.bat | text
MD5: 5B43C8E27141342EB08ABC24BF5EB25B
SHA256: 028F7E2F33CE3C25914A3AA1D481196104EFFB86CD751DD838156D276AC8F727

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\totalcmd\CGLPT64.SYS | executable
MD5: C6E5B7ECFB1AA7A104BC3C0C081E36E0
SHA256: 0108B00762DE94C189224874DD064E6EC65EE8F3BFF65801A6FB8D25AF7DE617

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\parser\Native_Access_SNPID.txt | text
MD5: A71B30288342ECA0CA92169EFB7C475F
SHA256: 36509EEC65F8268688EEF6371FF88CED8DD18B0A5E0AD04B253E3A7453FFBAE0

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\parser\XML_PARSER_Native_Access.ps1 | text
MD5: BE25BA0AE30F1309967E687A5585B22E
SHA256: 156A7979747815411816B7331917221C1B23175F2C9D52213DFAA112DB380AA6

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\totalcmd\BLAKEX32.DLL | executable
MD5: ED972B41C29737564FB1AE411D801CF0
SHA256: 033F4AAB3E5F65C15A93B4F55834AFECC050A3E3919888CA9E8C5B49EB94CD4A

904 | Kontakt_Button.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\Data\Key Adder.exe | executable
MD5: 8907D44D562DEF8BFE7C40340EF9DE45
SHA256: 45057C04BD25C1DD25310B616ABC9197020984E57C7362AD163A85E2B3E0E333

HTTP(S) requests: 5
TCP/UDP connections: 26
DNS requests: 13
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5404
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
7668
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7724
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7668
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3216 | svchost.exe | 40.115.3.253:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 40.126.32.138:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
5404 | backgroundTaskHost.exe | 20.103.156.88:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5404 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7724 | BackgroundTransferHost.exe | 2.16.110.168:443 | www.bing.com | Akamai International B.V. | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59 | whitelisted
google.com | 142.250.185.142 | whitelisted
client.wns.windows.com | 40.115.3.253 | whitelisted
login.live.com | 40.126.32.138, 20.190.160.128, 40.126.32.74, 40.126.32.136, 20.190.160.4, 20.190.160.67, 20.190.160.14, 20.190.160.22 | whitelisted
ocsp.digicert.com | 184.30.131.245 | whitelisted
arc.msn.com | 20.103.156.88 | whitelisted
www.bing.com | 2.16.110.168, 2.16.110.145, 2.16.110.203, 2.16.110.121, 2.16.110.195, 2.16.110.179, 2.16.110.170, 2.16.110.136, 2.16.110.130 | whitelisted
slscr.update.microsoft.com | 4.175.87.197 | whitelisted
www.microsoft.com | 23.52.120.96 | whitelisted
fe3cr.delivery.mp.microsoft.com | 20.3.187.198 | whitelisted

Threats

No threats detected
No debug info