File name:

python-3.11.9-amd64.exe

Full analysis: https://app.any.run/tasks/2c18a59f-8197-45ce-8c8d-8208c96b513a
Verdict: Malicious activity
Analysis date: July 17, 2024, 18:23:02
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
python
spam
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

E8DCD502E34932EEBCAF1BE056D5CBCD

SHA1:

33FC26D62919FD473AE837991DDD6613B82D6D20

SHA256:

5EE42C4EEE1E6B4464BB23722F90B45303F79442DF63083F05322F1785F5FDDE

SSDEEP:

196608:rFsCf9KWUbtUJ9kdK++uv8q8naR2RFVOrRST8+iKgAFoLKvdpmMd4osTf:rFBKxKzkdK+DcF4sT8qtvzmMd4osL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • python-3.11.9-amd64.exe (PID: 4328)
      • python-3.11.9-amd64.exe (PID: 3848)
      • msiexec.exe (PID: 2104)
      • python-3.11.9-amd64.exe (PID: 2516)

    • Changes the autorun value in the registry

      • python-3.11.9-amd64.exe (PID: 3848)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • python-3.11.9-amd64.exe (PID: 4328)
      • python-3.11.9-amd64.exe (PID: 3848)
      • python-3.11.9-amd64.exe (PID: 2516)

    • Searches for installed software

      • python-3.11.9-amd64.exe (PID: 3848)
      • python-3.11.9-amd64.exe (PID: 2516)
      • dllhost.exe (PID: 480)

    • Reads security settings of Internet Explorer

      • python-3.11.9-amd64.exe (PID: 3848)

    • Reads the date of Windows installation

      • python-3.11.9-amd64.exe (PID: 3848)

    • Starts itself from another location

      • python-3.11.9-amd64.exe (PID: 3848)

    • Executes as Windows Service

      • VSSVC.exe (PID: 5604)

    • Loads Python modules

      • python-3.11.9-amd64.exe (PID: 3848)

    • Creates a software uninstall entry

      • python-3.11.9-amd64.exe (PID: 3848)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 2104)

    • Process drops legitimate windows executable

      • python-3.11.9-amd64.exe (PID: 3848)
      • msiexec.exe (PID: 2104)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 2104)

    • The process drops C-runtime libraries

      • python-3.11.9-amd64.exe (PID: 3848)
      • msiexec.exe (PID: 2104)

    • Process drops python dynamic module

      • msiexec.exe (PID: 2104)

  • INFO

    • Checks supported languages

      • python-3.11.9-amd64.exe (PID: 4328)
      • python-3.11.9-amd64.exe (PID: 3848)
      • python-3.11.9-amd64.exe (PID: 2516)
      • msiexec.exe (PID: 2104)

    • Reads the computer name

      • python-3.11.9-amd64.exe (PID: 3848)
      • python-3.11.9-amd64.exe (PID: 2516)
      • msiexec.exe (PID: 2104)

    • Process checks computer location settings

      • python-3.11.9-amd64.exe (PID: 3848)

    • Create files in a temporary directory

      • python-3.11.9-amd64.exe (PID: 4328)
      • python-3.11.9-amd64.exe (PID: 3848)

    • Creates files in the program directory

      • python-3.11.9-amd64.exe (PID: 2516)

    • Reads the machine GUID from the registry

      • python-3.11.9-amd64.exe (PID: 2516)
      • msiexec.exe (PID: 2104)
      • python-3.11.9-amd64.exe (PID: 3848)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2104)

    • Reads the software policy settings

      • msiexec.exe (PID: 2104)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 2104)
      • python-3.11.9-amd64.exe (PID: 3848)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 2104)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:22 15:58:18+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.16
CodeSize: 302080
InitializedDataSize: 239104
UninitializedDataSize: -
EntryPoint: 0x2e082
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.11.9150.0
ProductVersionNumber: 3.11.9150.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Python Software Foundation
FileDescription: Python 3.11.9 (64-bit)
FileVersion: 3.11.9150.0
InternalName: setup
LegalCopyright: Copyright (c) Python Software Foundation. All rights reserved.
OriginalFileName: python-3.11.9-amd64.exe
ProductName: Python 3.11.9 (64-bit)
ProductVersion: 3.11.9150.0
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
123
Monitored processes
8
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start python-3.11.9-amd64.exe python-3.11.9-amd64.exe python-3.11.9-amd64.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe

Process information

PID
CMD
Path
Indicators
Parent process
480C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}C:\Windows\System32\dllhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
2104C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2516"C:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\.be\python-3.11.9-amd64.exe" -q -burn.elevated BurnPipe.{9244C6D7-50BA-46F8-AA68-25400AEE0D7E} {F9710B0F-1E37-4976-99F9-63494C96D0B6} 3848C:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\.be\python-3.11.9-amd64.exe
python-3.11.9-amd64.exe
User:
admin
Company:
Python Software Foundation
Integrity Level:
HIGH
Description:
Python 3.11.9 (64-bit)
Version:
3.11.9150.0
Modules
Images
c:\users\admin\appdata\local\temp\{855c9f85-4708-4022-a507-d1d03ec9eb43}\.be\python-3.11.9-amd64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2612C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exedllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
3848"C:\Users\admin\AppData\Local\Temp\{700E80C2-3E80-421D-99C9-095CEFAAB095}\.cr\python-3.11.9-amd64.exe" -burn.clean.room="C:\Users\admin\Desktop\python-3.11.9-amd64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=632 C:\Users\admin\AppData\Local\Temp\{700E80C2-3E80-421D-99C9-095CEFAAB095}\.cr\python-3.11.9-amd64.exe
python-3.11.9-amd64.exe
User:
admin
Company:
Python Software Foundation
Integrity Level:
MEDIUM
Description:
Python 3.11.9 (64-bit)
Version:
3.11.9150.0
Modules
Images
c:\users\admin\appdata\local\temp\{700e80c2-3e80-421d-99c9-095cefaab095}\.cr\python-3.11.9-amd64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
4328"C:\Users\admin\Desktop\python-3.11.9-amd64.exe" C:\Users\admin\Desktop\python-3.11.9-amd64.exe
explorer.exe
User:
admin
Company:
Python Software Foundation
Integrity Level:
MEDIUM
Description:
Python 3.11.9 (64-bit)
Version:
3.11.9150.0
Modules
Images
c:\users\admin\desktop\python-3.11.9-amd64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
4536\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5604C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
32 591
Read events
29 240
Write events
3 286
Delete events
65

Modification events

(PID) Process:(3848) python-3.11.9-amd64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3848) python-3.11.9-amd64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3848) python-3.11.9-amd64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3848) python-3.11.9-amd64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(480) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
48000000000000005E79A96776D8DA01E0010000F0160000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2516) python-3.11.9-amd64.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
40000000000000005E79A96776D8DA01D409000044030000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(480) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
4800000000000000160FF16776D8DA01E0010000F0160000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(480) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
4800000000000000160FF16776D8DA01E0010000F0160000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(480) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
48000000000000000F60F36776D8DA01E0010000F0160000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(480) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
48000000000000004A28F86776D8DA01E0010000F0160000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
74
Suspicious files
119
Text files
1 884
Unknown types
46

Dropped files

PID
Process
Filename
Type
480dllhost.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\lib_JustForMe
MD5:
SHA256:
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\doc_JustForMe
MD5:
SHA256:
4328python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Temp\{700E80C2-3E80-421D-99C9-095CEFAAB095}\.cr\python-3.11.9-amd64.exeexecutable
MD5:DEA93D35C259CB14F02B4E122F6091F0
SHA256:43B0D06ACF32140019C16AEF9C09B4AEB8B79F72D4A50396D79E852549F33F38
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\.ba\Default.thmxml
MD5:4A006BB0FD949404E628D26F833C994B
SHA256:BE2BAED45BCFB013E914E9D5BF6BC7C77A311F6F1723AFBB7EB1FAA7DA497E1B
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\core_JustForMeexecutable
MD5:4047D5BBCD8BBB8C294A31EF22BC0869
SHA256:0CA78B510C20E6425E444D53C46CACF07B8C06AC34420958A5EB18FD363ACE45
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\.be\python-3.11.9-amd64.exeexecutable
MD5:DEA93D35C259CB14F02B4E122F6091F0
SHA256:43B0D06ACF32140019C16AEF9C09B4AEB8B79F72D4A50396D79E852549F33F38
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Package Cache\{1da2e09b-199c-4def-9a99-93a8c1b8ddf2}\python-3.11.9-amd64.exeexecutable
MD5:DEA93D35C259CB14F02B4E122F6091F0
SHA256:43B0D06ACF32140019C16AEF9C09B4AEB8B79F72D4A50396D79E852549F33F38
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Temp\{855C9F85-4708-4022-A507-D1D03EC9EB43}\.ba\SideBar.pngimage
MD5:888EB713A0095756252058C9727E088A
SHA256:79434BD1368F47F08ACF6DB66638531D386BF15166D78D9BFEA4DA164C079067
3848python-3.11.9-amd64.exeC:\Users\admin\AppData\Local\Package Cache\.unverified\lib_JustForMe
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
41
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
msiexec.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
2104
msiexec.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAcfFBuLMA0l8xTrIwzQ0d0%3D
unknown
whitelisted
2104
msiexec.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
2104
msiexec.exe
GET
200
192.229.221.95:80
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
unknown
whitelisted
GET
200
104.126.37.161:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=reged&setlang=en-US&cc=US&nohs=1&qfm=1&cp=5&cvid=917f2af1fe65416cbd620a4b992edbf0&ig=d9fc350f72484720963919f484813311
unknown
binary
4.70 Kb
unknown
GET
200
104.126.37.130:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=reg&setlang=en-US&cc=US&nohs=1&qfm=1&cp=3&cvid=917f2af1fe65416cbd620a4b992edbf0&ig=65838b980f4f409493f636a698a90235
unknown
binary
5.11 Kb
unknown
GET
200
104.126.37.130:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=regedi&setlang=en-US&cc=US&nohs=1&qfm=1&cp=6&cvid=917f2af1fe65416cbd620a4b992edbf0&ig=46856f19730442d7bfc8a588e4a577aa
unknown
binary
4.00 Kb
unknown
GET
200
104.126.37.144:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=rege&setlang=en-US&cc=US&nohs=1&qfm=1&cp=4&cvid=917f2af1fe65416cbd620a4b992edbf0&ig=9e5ca3b8609c45288674b78f53cdefa2
unknown
binary
4.91 Kb
unknown
GET
200
104.126.37.186:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=re&setlang=en-US&cc=US&nohs=1&qfm=1&cp=2&cvid=917f2af1fe65416cbd620a4b992edbf0&ig=886f7dfaf8a943d7ac515843550c84b9
unknown
binary
5.08 Kb
unknown
GET
200
104.126.37.162:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=r&setlang=en-US&cc=US&nohs=1&qfm=1&cp=1&cvid=917f2af1fe65416cbd620a4b992edbf0&ig=8217ecd434a24e319c68e41132cd851d
unknown
binary
5.16 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
239.255.255.250:1900
whitelisted
104.126.37.185:443
www.bing.com
Akamai International B.V.
DE
unknown
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2204
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
2104
msiexec.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2204
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4656
SearchApp.exe
104.126.37.130:443
www.bing.com
Akamai International B.V.
DE
unknown
3040
OfficeClickToRun.exe
13.69.239.73:443
self.events.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
www.bing.com
  • 104.126.37.185
  • 104.126.37.130
  • 104.126.37.139
  • 104.126.37.186
  • 104.126.37.153
  • 104.126.37.146
  • 104.126.37.128
  • 104.126.37.155
  • 104.126.37.131
whitelisted
google.com
  • 142.250.185.142
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl3.digicert.com
  • 192.229.221.95
whitelisted
self.events.data.microsoft.com
  • 13.69.239.73
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
python-3.11.9-amd64.exe