File name:

IDM.zip

Full analysis: https://app.any.run/tasks/5586fb55-09c6-4f4f-bf99-7a7cf077c279
Verdict: Malicious activity
Analysis date: October 02, 2024, 13:22:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

1D9B874A0C1A5B88B2AE8A6C9FA859DC

SHA1:

AB98207AA46558013F8EDAAF8188CC1E5055DFAA

SHA256:

641F7DF87531F5F3BED2F1F3529BDFB6CD689A899948A45F11B168D212A24052

SSDEEP:

98304:YI8TxaUaDMKe+vaVu3HkzkYM2vk/thpecSS+qJiXhQUlw0keD5Hq3c7IJaoipzE0:LBkThOfVuTFcy/IrLjcbB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • IDMan.exe (PID: 6852)
      • Uninstall.exe (PID: 2808)
    • Starts NET.EXE for service management

      • Uninstall.exe (PID: 2808)
      • net.exe (PID: 7800)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2192)
    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 2192)
      • rundll32.exe (PID: 4120)
      • drvinst.exe (PID: 3908)
    • Executable content was dropped or overwritten

      • IDMan.exe (PID: 6852)
      • rundll32.exe (PID: 4120)
      • drvinst.exe (PID: 3908)
    • Uses RUNDLL32.EXE to load library

      • Uninstall.exe (PID: 2808)
  • INFO

    • Manual execution by a user

      • IDMan.exe (PID: 6852)
      • idmBroker.exe (PID: 420)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2192)
      • msedge.exe (PID: 8032)
    • Application launched itself

      • firefox.exe (PID: 1840)
      • firefox.exe (PID: 1928)
      • msedge.exe (PID: 7996)
      • msedge.exe (PID: 8568)
No Malware configuration.

TRiD

.xpi | Mozilla Firefox browser extension (42.1)
.zip | ZIP compressed archive (21)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:01:17 04:13:14
ZipCRC: 0x14d91e69
ZipCompressedSize: 1289
ZipUncompressedSize: 3602
ZipFileName: IDM/defexclist.txt
No data.
All screenshots are available in the full report
Total processes
238
Monitored processes
101
Malicious processes
3
Suspicious processes
0

Process information

PID
CMD
Path
Indicators
Parent process
PID:
304
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2256 --field-trial-handle=2268,i,1686716992714019772,9550014585124957479,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
420
CMD:
"C:\Users\admin\Desktop\IDM\idmBroker.exe"
Path:
C:\Users\admin\Desktop\IDM\idmBroker.exe
Parent process:
explorer.exe
User:
admin
Company:
Internet Download Manager, Tonec Inc.
Integrity Level:
MEDIUM
Description:
Broker for reading of IDM settings
Version:
6, 35, 9, 1
Modules
Images
c:\users\admin\desktop\idm\idmbroker.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
840
CMD:
/s "C:\Users\admin\Desktop\IDM\IDMShellExt64.dll"
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
regsvr32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1256
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240213221259 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 30537 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0dd2126-9eea-4f7a-8797-2123c9972c3c} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 22a1d782f10 socket
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID:
1504
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4344 --field-trial-handle=2444,i,2186298623852997294,15831642245269568093,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1568
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4112 --field-trial-handle=2444,i,2186298623852997294,15831642245269568093,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1692
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3500 --field-trial-handle=2444,i,2186298623852997294,15831642245269568093,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1712
CMD:
"C:\Users\admin\Desktop\IDM\IDMIntegrator64.exe" -runcm
Path:
C:\Users\admin\Desktop\IDM\IDMIntegrator64.exe
Parent process:
IDMan.exe
User:
admin
Company:
Tonec Inc.
Integrity Level:
MEDIUM
Description:
IDM Integration Loader
Exit code:
0
Version:
6.41.23.4
Modules
Images
c:\users\admin\desktop\idm\idmintegrator64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID:
1768
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=2268,i,1686716992714019772,9550014585124957479,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1840
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
IDMan.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
Total events
28 701
Read events
28 487
Write events
212
Delete events
2

Modification events

(PID) Process: (2192) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (2192) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\IDM.zip

(PID) Process: (2192) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2192) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2192) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2192) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6852) IDMan.exe
Key: HKEY_CURRENT_USER\SOFTWARE\DownloadManager\IDMBI\IEXPLORE
Operation: write
Name: name
Value: Internet Explorer

(PID) Process: (6852) IDMan.exe
Key: HKEY_CURRENT_USER\SOFTWARE\DownloadManager\IDMBI\IEXPLORE
Operation: write
Name: int
Value: 1

(PID) Process: (6852) IDMan.exe
Key: HKEY_CURRENT_USER\SOFTWARE\DownloadManager\IDMBI\msedge
Operation: write
Name: name
Value: Microsoft Edge

(PID) Process: (6852) IDMan.exe
Key: HKEY_CURRENT_USER\SOFTWARE\DownloadManager\IDMBI\msedge
Operation: write
Name: int
Value: 1
Executable files
61
Suspicious files
576
Text files
262
Unknown types
26

Dropped files

PID
Process
Filename
Type
PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\idmfsa.dll
Type: executable
MD5: 235F64226FCD9926FB3A64A4BF6F4CC8
SHA256: 6F0ED0A7A21E73811675E8A13D35C7DAA6309214477296A07FE52A3D477578AD

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\idmantypeinfo.tlb
Type: tlb
MD5: 60ADB0AD984D5C3A4289CED459913963
SHA256: D421D11EF7CF2B766CA6FBC8E837912B2100339C686D48CA56F650649F7B9343

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\idmbrbtn.dll
Type: executable
MD5: 360A81DA9905EA5AF031394FA98EC1D2
SHA256: 34C3C2B36572C927D6ED6E0C5EBB44164AC2E5E5129EF9C6610B3BE431E473E5

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\defexclist.txt
Type: text
MD5: A4F4CC7C56FCDD15B24940135EAEE001
SHA256: 13CC5076572FCFDF10EEF7A1A33BEC318F8428E331A0824EEBB692770AA00008

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\IDMan.exe
Type: executable
MD5: 82E54CE952A477BCA92DB052BA83786D
SHA256: 24AE38EEB19AC2528CCA74A777EC39584715CC617603740BE62668706C30105E

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\downlWithIDM64.dll
Type: executable
MD5: 13C99CBF0E66D5A8003A650C5642CA30
SHA256: 8A51ECE1C4C8BCB8C56CA10CB9D97BFF0DFE75052412A8D8D970A5EB6933427B

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\idmcchandler2.dll
Type: executable
MD5: 36B618F848D6DDA620BF0B151EACF02D
SHA256: 1450146B904919474EF6D528B20A672A33A32AFC4A1E40F69D515B523D72FA19

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\idmcchandler2_64.dll
Type: executable
MD5: 5012EA14F13DD58FFEB14553824D8EBB
SHA256: 59AC02F5A0644BF56B7AD7E2B48FC8F89083F8CFE12A0A93F63163A5573A876F

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\idmcchandler7_64.dll
Type: executable
MD5: C0A6FB25175D79B6DA9B9B8C390166C2
SHA256: D464E8E7C84CB2FC62EACF932E841BBD73C3294A37812CCEE7FFBBB9E01572A6

PID: 2192 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2192.18535\IDM\idmcchandler7.dll
Type: executable
MD5: 53856B10A9679BBDA9C662E43B89F720
SHA256: E1A4DEA06F184BE2357BE4C72AC5315776F0DCE251C0C7FA5F1FA927DA69B9BC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
69
TCP/UDP connections
135
DNS requests
193
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3928
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6652
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2540
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3276
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3276
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1928
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
1928
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
1928
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
unknown
whitelisted
1928
firefox.exe
POST
200
142.250.186.67:80
http://o.pki.goog/s/wr3/XjA
unknown
whitelisted
1928
firefox.exe
POST
200
2.16.241.15:80
http://r10.o.lencr.org/
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3928
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
3928
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6652
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3260
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6652
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1220
svchost.exe
184.28.89.167:443
go.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
google.com
  • 142.250.185.142
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.72
  • 40.126.32.76
  • 40.126.32.68
  • 20.190.160.17
  • 40.126.32.74
  • 40.126.32.133
  • 20.190.160.14
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 23.213.166.81
whitelisted
arc.msn.com
  • 20.223.36.55
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted

Threats

No threats detected
No debug info