File name:

STR.BYPASS.exe

Full analysis: https://app.any.run/tasks/b1ece310-4976-4858-99cf-105b18c08ce2
Verdict: Malicious activity
Analysis date: June 19, 2025, 15:10:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
golang
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

9900848B9A79D1FBBD029C1011B61497

SHA1:

B8CF6312D1864C8C616F92B464BAB5C80172CCE0

SHA256:

5DD5D7D7982CCCB1A7FF2B1BE04C5B414F60791AAD8EF2D8F849EC498CBF82D2

SSDEEP:

98304:i1svXJG6gIS6AMG6PY3nOV2oQcONGxYODZ0ZZnEIfWwd+PmSu6Zlyk2gxfNqoGE+:ruRyBDDSR3qyCFMyXK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • strbypass-setup-1.0.2.exe (PID: 1480)

  • SUSPICIOUS

    • Starts itself from another location

      • STR.BYPASS.exe (PID: 3540)
      • STR.BYPASS.exe (PID: 1520)

    • Executable content was dropped or overwritten

      • STR.BYPASS.exe (PID: 3540)
      • STR.BYPASS.exe (PID: 1520)
      • strbypass-setup-1.0.2.exe (PID: 1480)
      • strbypass-setup-1.0.2.exe (PID: 5764)

    • Searches for installed software

      • STR.BYPASS.exe (PID: 1520)
      • dllhost.exe (PID: 3888)
      • strbypass-setup-1.0.2.exe (PID: 6264)
      • strbypass-setup-1.0.2.exe (PID: 5764)

    • Reads security settings of Internet Explorer

      • STR.BYPASS.exe (PID: 1520)
      • strbypass.exe (PID: 2428)
      • strbypass.exe (PID: 2764)

    • Executes as Windows Service

      • VSSVC.exe (PID: 5232)
      • strbypass.exe (PID: 6796)

    • Creates a software uninstall entry

      • strbypass-setup-1.0.2.exe (PID: 1480)

    • Application launched itself

      • msiexec.exe (PID: 620)
      • strbypass.exe (PID: 2428)
      • strbypass.exe (PID: 6796)
      • strbypass-setup-1.0.2.exe (PID: 4752)
      • strbypass-setup-1.0.2.exe (PID: 6264)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 620)

    • Reads the date of Windows installation

      • strbypass.exe (PID: 2428)

    • There is functionality for taking screenshot (YARA)

      • strbypass.exe (PID: 6796)

  • INFO

    • Create files in a temporary directory

      • STR.BYPASS.exe (PID: 3540)
      • STR.BYPASS.exe (PID: 1520)
      • strbypass-setup-1.0.2.exe (PID: 1480)
      • strbypass-setup-1.0.2.exe (PID: 5764)

    • Checks supported languages

      • STR.BYPASS.exe (PID: 3540)
      • STR.BYPASS.exe (PID: 1520)
      • strbypass-setup-1.0.2.exe (PID: 1480)
      • msiexec.exe (PID: 620)
      • msiexec.exe (PID: 4868)
      • msiexec.exe (PID: 3608)
      • strbypass.exe (PID: 2428)
      • strbypass.exe (PID: 2764)
      • strbypass.exe (PID: 2596)
      • strbypass.exe (PID: 6796)
      • strbypass-setup-1.0.2.exe (PID: 6264)
      • strbypass-setup-1.0.2.exe (PID: 4752)
      • strbypass-setup-1.0.2.exe (PID: 5764)

    • The sample compiled with english language support

      • STR.BYPASS.exe (PID: 3540)
      • STR.BYPASS.exe (PID: 1520)
      • msiexec.exe (PID: 620)
      • strbypass-setup-1.0.2.exe (PID: 1480)
      • strbypass-setup-1.0.2.exe (PID: 5764)

    • Reads the computer name

      • STR.BYPASS.exe (PID: 1520)
      • strbypass-setup-1.0.2.exe (PID: 1480)
      • msiexec.exe (PID: 4868)
      • msiexec.exe (PID: 620)
      • msiexec.exe (PID: 3608)
      • strbypass.exe (PID: 2428)
      • strbypass.exe (PID: 2596)
      • strbypass.exe (PID: 6796)
      • strbypass.exe (PID: 2764)
      • strbypass-setup-1.0.2.exe (PID: 5764)

    • Process checks computer location settings

      • STR.BYPASS.exe (PID: 1520)
      • strbypass.exe (PID: 2428)

    • Manages system restore points

      • SrTasks.exe (PID: 2356)

    • Creates files in the program directory

      • strbypass-setup-1.0.2.exe (PID: 1480)

    • Launching a file from a Registry key

      • strbypass-setup-1.0.2.exe (PID: 1480)

    • The sample compiled with chinese language support

      • STR.BYPASS.exe (PID: 1520)
      • strbypass-setup-1.0.2.exe (PID: 1480)
      • msiexec.exe (PID: 620)

    • Reads the machine GUID from the registry

      • strbypass-setup-1.0.2.exe (PID: 1480)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 620)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 620)

    • Manual execution by a user

      • strbypass-setup-1.0.2.exe (PID: 6264)

    • Application based on Golang

      • strbypass.exe (PID: 6796)

    • Detects GO elliptic curve encryption (YARA)

      • strbypass.exe (PID: 6796)

    • Reads the software policy settings

      • slui.exe (PID: 5244)

    • Checks proxy server information

      • slui.exe (PID: 5244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:22 22:14:43+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.16
CodeSize: 314368
InitializedDataSize: 164352
UninitializedDataSize: -
EntryPoint: 0x302e5
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.2.0
ProductVersionNumber: 1.0.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Strugov97
FileDescription: STR BYPASS
FileVersion: 1.0.2
InternalName: setup
LegalCopyright: Copyright (c) Strugov97. All rights reserved.
OriginalFileName: strbypass-setup-1.0.2.exe
ProductName: STR BYPASS
ProductVersion: 1.0.2
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
156
Monitored processes
18
Malicious processes
5
Suspicious processes
1

Behavior graph

Click at the process to see the details
start str.bypass.exe str.bypass.exe strbypass-setup-1.0.2.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe msiexec.exe no specs msiexec.exe no specs strbypass.exe no specs strbypass.exe strbypass.exe no specs strbypass.exe no specs slui.exe strbypass-setup-1.0.2.exe no specs strbypass-setup-1.0.2.exe no specs strbypass-setup-1.0.2.exe

Process information

PID
CMD
Path
Indicators
Parent process
620C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1480"C:\Users\admin\AppData\Local\Temp\{9B2CCCB1-B621-4F71-A085-B942AABD3DD1}\.be\strbypass-setup-1.0.2.exe" -q -burn.elevated BurnPipe.{A41E3236-141B-4FE6-B0BD-36710652816E} {4CF379FD-3914-43B7-8E61-6C5BF39C954A} 1520C:\Users\admin\AppData\Local\Temp\{9B2CCCB1-B621-4F71-A085-B942AABD3DD1}\.be\strbypass-setup-1.0.2.exe
STR.BYPASS.exe
User:
admin
Company:
Strugov97
Integrity Level:
HIGH
Description:
STR BYPASS
Exit code:
0
Version:
1.0.2
Modules
Images
c:\users\admin\appdata\local\temp\{9b2cccb1-b621-4f71-a085-b942aabd3dd1}\.be\strbypass-setup-1.0.2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1520"C:\Users\admin\AppData\Local\Temp\{6269F4B1-15C5-4972-B5A9-81E0AADA3E54}\.cr\STR.BYPASS.exe" -burn.clean.room="C:\Users\admin\Desktop\STR.BYPASS.exe" -burn.filehandle.attached=696 -burn.filehandle.self=704 C:\Users\admin\AppData\Local\Temp\{6269F4B1-15C5-4972-B5A9-81E0AADA3E54}\.cr\STR.BYPASS.exe
STR.BYPASS.exe
User:
admin
Company:
Strugov97
Integrity Level:
MEDIUM
Description:
STR BYPASS
Exit code:
0
Version:
1.0.2
Modules
Images
c:\users\admin\appdata\local\temp\{6269f4b1-15c5-4972-b5a9-81e0aada3e54}\.cr\str.bypass.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2356C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exedllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2428"C:\Program Files\STR BYPASS\strbypass.exe"C:\Program Files\STR BYPASS\strbypass.exemsiexec.exe
User:
admin
Company:
Amnezia
Integrity Level:
HIGH
Description:
STR BYPASS
Exit code:
0
Version:
1.0.2
Modules
Images
c:\program files\str bypass\strbypass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\powrprof.dll
2596"C:\Program Files\STR BYPASS\strbypass.exe" /installmanagerserviceC:\Program Files\STR BYPASS\strbypass.exe
strbypass.exe
User:
SYSTEM
Company:
Amnezia
Integrity Level:
SYSTEM
Description:
STR BYPASS
Exit code:
0
Version:
1.0.2
Modules
Images
c:\program files\str bypass\strbypass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\powrprof.dll
2764"C:\Program Files\STR BYPASS\strbypass.exe" /ui 840 836 848 856C:\Program Files\STR BYPASS\strbypass.exestrbypass.exe
User:
admin
Company:
Amnezia
Integrity Level:
HIGH
Description:
STR BYPASS
Version:
1.0.2
Modules
Images
c:\program files\str bypass\strbypass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\powrprof.dll
3540"C:\Users\admin\Desktop\STR.BYPASS.exe" C:\Users\admin\Desktop\STR.BYPASS.exe
explorer.exe
User:
admin
Company:
Strugov97
Integrity Level:
MEDIUM
Description:
STR BYPASS
Exit code:
0
Version:
1.0.2
Modules
Images
c:\users\admin\desktop\str.bypass.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3576\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3608C:\Windows\System32\MsiExec.exe -Embedding 16BB6E93093BDB667A1F126C8E0D4D8A E Global\MSI0000C:\Windows\System32\msiexec.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
17 359
Read events
16 672
Write events
644
Delete events
43

Modification events

(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
48000000000000009EAEAC452CE1DB01300F0000AC0E0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1480) strbypass-setup-1.0.2.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
40000000000000009EAEAC452CE1DB01C8050000C80A0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
4800000000000000392FD5452CE1DB01300F0000AC0E0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
4800000000000000392FD5452CE1DB01300F0000AC0E0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
4800000000000000392FD5452CE1DB01300F0000AC0E0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4800000000000000F4C1DE452CE1DB01300F0000AC0E0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
11
(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
480000000000000077C21C462CE1DB01300F0000AC0E0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3888) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
4800000000000000078C21462CE1DB01300F0000F8140000E8030000010000000000000000000000B9E683E52A85D5418F4785990E700C7400000000000000000000000000000000
(PID) Process:(5232) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Enter)
Value:
4800000000000000EECF2F462CE1DB017014000058030000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
19
Suspicious files
14
Text files
13
Unknown types
12

Dropped files

PID
Process
Filename
Type
3888dllhost.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
1520STR.BYPASS.exeC:\Users\admin\AppData\Local\Temp\{9B2CCCB1-B621-4F71-A085-B942AABD3DD1}\.ba\logo.pngimage
MD5:8346E21859A269DCCF1E408DC7593CCA
SHA256:CD2E8ED1FBB308D9D166F49794D323A9B22EFBA1033CDF906D1F4B030319E01B
1520STR.BYPASS.exeC:\Users\admin\AppData\Local\Temp\{9B2CCCB1-B621-4F71-A085-B942AABD3DD1}\.ba\wixstdba.dllexecutable
MD5:87C8A7EA44E8EE0D9358E25B7DCD397D
SHA256:B7DE0A0CA3A94738747ABD708E30BA1F9638A8C8B7D8173C76D4F39FAE3D9346
3540STR.BYPASS.exeC:\Users\admin\AppData\Local\Temp\{6269F4B1-15C5-4972-B5A9-81E0AADA3E54}\.cr\STR.BYPASS.exeexecutable
MD5:D47F798CAB3CB744F959FC3FF7E8C3A2
SHA256:BDDE9890FB1F081FADDBA1698729FECCC5F230D2B21FE10F23C8D24F04DAA4FC
3888dllhost.exeC:\System Volume Information\SPP\OnlineMetadataCache\{e583e6b9-852a-41d5-8f47-85990e700c74}_OnDiskSnapshotPropbinary
MD5:21A7D1116E5DB8DA5454B0312EB3A0A9
SHA256:5AF2C53813B366C1B4307DD3113F73926C272D628E98CD6A064ADF3F43C05C6D
3888dllhost.exeC:\System Volume Information\SPP\snapshot-2binary
MD5:21A7D1116E5DB8DA5454B0312EB3A0A9
SHA256:5AF2C53813B366C1B4307DD3113F73926C272D628E98CD6A064ADF3F43C05C6D
620msiexec.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.logtext
MD5:D6E03261458D67F86F5EE57D4E673B42
SHA256:B5E7A81E0282348C58F0ECE47C9A60B1916D182E0C259FB6987EE7FF023FA230
1480strbypass-setup-1.0.2.exeC:\ProgramData\Package Cache\{cd733966-8b05-4875-b53d-c867dc281ece}\strbypass-setup-1.0.2.exeexecutable
MD5:D47F798CAB3CB744F959FC3FF7E8C3A2
SHA256:BDDE9890FB1F081FADDBA1698729FECCC5F230D2B21FE10F23C8D24F04DAA4FC
1520STR.BYPASS.exeC:\Users\admin\AppData\Local\Temp\{9B2CCCB1-B621-4F71-A085-B942AABD3DD1}\strbypass_amd64_1.0.2.msiexecutable
MD5:74E48C508E200F0F1776E5F697ED6928
SHA256:0593BA87FBC82496A7267BF7598F2FC7F9E87EBFCA104327322C96E5D7842AD9
620msiexec.exeC:\Windows\Installer\17b4e8.msiexecutable
MD5:74E48C508E200F0F1776E5F697ED6928
SHA256:0593BA87FBC82496A7267BF7598F2FC7F9E87EBFCA104327322C96E5D7842AD9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
33
TCP/UDP connections
47
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
200
20.190.159.23:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
200
20.190.159.129:443
https://login.live.com/RST2.srf
unknown
xml
11.0 Kb
whitelisted
POST
200
20.190.159.23:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
4868
RUXIMICS.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4868
RUXIMICS.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
403
95.101.149.131:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
POST
403
95.101.149.131:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
POST
403
95.101.149.131:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4868
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2336
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
2288
svchost.exe
20.190.160.17:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4868
RUXIMICS.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.46
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.160.17
  • 20.190.160.22
  • 20.190.160.3
  • 20.190.160.64
  • 20.190.160.66
  • 20.190.160.131
  • 20.190.160.4
  • 20.190.160.2
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.48
whitelisted
go.microsoft.com
  • 23.53.113.159
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
STR.BYPASS.exe