File name:

SoftPerfect.RAM.Disk.4.1.1.zip

Full analysis: https://app.any.run/tasks/b8b69318-ad23-49ae-8206-c8390ec9964e
Verdict: Malicious activity
Analysis date: October 02, 2024, 23:12:38
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: 21D43E18DE408A624F86EA108D138ACE
SHA1: D5FE23B26EAE5D0A0D21D53366851F732552311A
SHA256: 6F52ABEA2B18E3C1459AB0DE095EDC84349233817407F62478EA76892D6A12D4
SSDEEP: 98304:ejhSkjuRAeeOJnTSoQQSIWvzeRjRtHqeIadJq7y8xxBc+NeCGAXY9bz6Y+wQGH7V:PW55ydl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SoftPerfect.RAM.Disk.4.1.1_Setup.exe (PID: 7024)
      • SoftPerfect.RAM.Disk.4.1.1_Setup.exe (PID: 6412)
      • SoftPerfect.RAM.Disk.4.1.1_Setup.tmp (PID: 6196)
      • ramdisk.exe (PID: 5144)
      • drvinst.exe (PID: 1308)
      • drvinst.exe (PID: 6772)
      • SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe (PID: 2324)
      • SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe (PID: 1360)
    • Drops a system driver (possible attempt to evade defenses)

      • SoftPerfect.RAM.Disk.4.1.1_Setup.tmp (PID: 6196)
      • ramdisk.exe (PID: 5144)
      • drvinst.exe (PID: 6772)
      • drvinst.exe (PID: 1308)
    • Uses REG/REGEDIT.EXE to modify registry

      • SoftPerfect.RAM.Disk.4.1.1_Setup.tmp (PID: 6196)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6328)
    • Manual execution by a user

      • SoftPerfect.RAM.Disk.4.1.1_Setup.exe (PID: 7024)
      • SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe (PID: 1308)
      • SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe (PID: 2324)
      • SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe (PID: 1360)
      • ramdisk.exe (PID: 1608)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:10:02 19:02:10
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: SoftPerfect.RAM.Disk.4.1.1/
No data.
Total processes
157
Monitored processes
22
Malicious processes
1
Suspicious processes
2

Behavior graph

start winrar.exe softperfect.ram.disk.4.1.1_setup.exe softperfect.ram.disk.4.1.1_setup.tmp no specs softperfect.ram.disk.4.1.1_setup.exe softperfect.ram.disk.4.1.1_setup.tmp sppextcomobj.exe no specs slui.exe _setup64.tmp no specs conhost.exe no specs ramdisk.exe drvinst.exe drvinst.exe reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs ramdisk.exe no specs softperfect_aio_8in1_patch_keygen_v2.3.exe no specs softperfect_aio_8in1_patch_keygen_v2.3.exe softperfect_aio_8in1_patch_keygen_v2.3.exe ramdisk.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1132
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: _setup64.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1308
CMD: DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\WINDOWS\INF\oem1.inf" "oem1.inf:428b016736e824fd:Port:4.1.1.0:root\spvd," "46aaceb6f" "00000000000000F0"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 1308
CMD: "C:\Users\admin\Desktop\SoftPerfect.RAM.Disk.4.1.1\SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe"
Path: C:\Users\admin\Desktop\SoftPerfect.RAM.Disk.4.1.1\SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe
Parent process: explorer.exe
User:
admin
Company:
DeFconX
Integrity Level:
MEDIUM
Description:
SoftPerfect_AIO
Exit code:
3221226540
Version:
2.3.0.0
Modules
Images
c:\users\admin\desktop\softperfect.ram.disk.4.1.1\softperfect_aio_8in1_patch_keygen_v2.3.exe
c:\windows\system32\ntdll.dll
PID: 1360
CMD: "C:\Users\admin\Desktop\SoftPerfect.RAM.Disk.4.1.1\SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe"
Path: C:\Users\admin\Desktop\SoftPerfect.RAM.Disk.4.1.1\SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe
Parent process: explorer.exe
User:
admin
Company:
DeFconX
Integrity Level:
HIGH
Description:
SoftPerfect_AIO
Exit code:
0
Version:
2.3.0.0
Modules
Images
c:\users\admin\desktop\softperfect.ram.disk.4.1.1\softperfect_aio_8in1_patch_keygen_v2.3.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1608
CMD: "C:\Program Files\SoftPerfect RAM Disk\ramdisk.exe"
Path: C:\Program Files\SoftPerfect RAM Disk\ramdisk.exe
Parent process: explorer.exe
User:
admin
Company:
SoftPerfect Pty Ltd
Integrity Level:
MEDIUM
Description:
RAM Disk GUI
Version:
4.1.1.0
Modules
Images
c:\program files\softperfect ram disk\ramdisk.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 1652
CMD: helper 105 0x48C
Path: C:\Users\admin\AppData\Local\Temp\is-UCKHA.tmp\_isetup\_setup64.tmp
Parent process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\is-uckha.tmp\_isetup\_setup64.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\comctl32.dll
PID: 1684
CMD: "C:\Program Files\SoftPerfect RAM Disk\ramdisk.exe"
Path: C:\Program Files\SoftPerfect RAM Disk\ramdisk.exe
Parent process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
User:
admin
Company:
SoftPerfect Pty Ltd
Integrity Level:
MEDIUM
Description:
RAM Disk GUI
Exit code:
0
Version:
4.1.1.0
Modules
Images
c:\program files\softperfect ram disk\ramdisk.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\usp10.dll
PID: 2324
CMD: "C:\Users\admin\Desktop\SoftPerfect.RAM.Disk.4.1.1\SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe"
Path: C:\Users\admin\Desktop\SoftPerfect.RAM.Disk.4.1.1\SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe
Parent process: explorer.exe
User:
admin
Company:
DeFconX
Integrity Level:
HIGH
Description:
SoftPerfect_AIO
Exit code:
0
Version:
2.3.0.0
Modules
Images
c:\users\admin\desktop\softperfect.ram.disk.4.1.1\softperfect_aio_8in1_patch_keygen_v2.3.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2724
CMD: "C:\WINDOWS\system32\reg.exe" ADD HKLM\SYSTEM\CurrentControlSet\Services\SPVVEngine /v Start /t REG_DWORD /d 2 /f
Path: C:\Windows\System32\reg.exe
Parent process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3456
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
9 314
Read events
9 243
Write events
63
Delete events
8

Modification events

(PID) Process: (6328) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (6328) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\SoftPerfect.RAM.Disk.4.1.1.zip

(PID) Process: (6328) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6328) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6328) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6328) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6196) SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: SoftPerfectRamDisk
Value: "C:\Program Files\SoftPerfect RAM Disk\ramdisk.exe" /hide

(PID) Process: (6196) SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.0.5 (u)

(PID) Process: (6196) SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\SoftPerfect RAM Disk

(PID) Process: (6196) SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\SoftPerfect RAM Disk\
Executable files
29
Suspicious files
13
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6328
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6328.7919\SoftPerfect.RAM.Disk.4.1.1\SoftPerfect_AIO_8in1_Patch_Keygen_v2.3.exe
Type: executable
MD5:4F7B1686D22A3A79EF15E24F0312E888
SHA256:76D229A144448540D3425B1DB2F80A056FC49A17CBE8CA34B2803376A3AA2382
PID: 6196
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-UCKHA.tmp\_isetup\_setup64.tmp
Type: executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 6412
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-I9AQG.tmp\SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Type: executable
MD5:77C71EA57412AF3FC2BF4974078380A8
SHA256:3378272B3CAC0B5637ADC2D71848403063ABF32E765F859254A238798D7CD9F5
PID: 6196
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Filename: C:\Program Files\SoftPerfect RAM Disk\ramdisk.exe
Type: executable
MD5:144BB9B4ECC507F06BAF63EADEC414BE
SHA256:A823F9C1F5C3630EB271BDA50FE710B8A15FDCA6DE51DEC2466A7CE40D97D3CC
PID: 7024
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-02CQU.tmp\SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Type: executable
MD5:77C71EA57412AF3FC2BF4974078380A8
SHA256:3378272B3CAC0B5637ADC2D71848403063ABF32E765F859254A238798D7CD9F5
PID: 6196
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Filename: C:\Program Files\SoftPerfect RAM Disk\vvlib.dll
Type: executable
MD5:DBBD893BBCC73D76F19CEF79F919F103
SHA256:9A2D397D0C5D570DB6040EAF6E7D17D74787902D21180533194658F848558EB3
PID: 6196
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Filename: C:\Program Files\SoftPerfect RAM Disk\is-N9H20.tmp
Type: executable
MD5:144BB9B4ECC507F06BAF63EADEC414BE
SHA256:A823F9C1F5C3630EB271BDA50FE710B8A15FDCA6DE51DEC2466A7CE40D97D3CC
PID: 6196
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Filename: C:\Program Files\SoftPerfect RAM Disk\unins000.exe
Type: executable
MD5:6185C228E8A349C8E27E5EBBCE4B65D1
SHA256:0DBCACD13B72EC8B22AF277630E9322109B3A78DF455769B1998DBB9EAD390D1
PID: 6196
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Filename: C:\Program Files\SoftPerfect RAM Disk\is-VNVPQ.tmp
Type: executable
MD5:6185C228E8A349C8E27E5EBBCE4B65D1
SHA256:0DBCACD13B72EC8B22AF277630E9322109B3A78DF455769B1998DBB9EAD390D1
PID: 6196
Process: SoftPerfect.RAM.Disk.4.1.1_Setup.tmp
Filename: C:\Program Files\SoftPerfect RAM Disk\is-MV8PF.tmp
Type: chm
MD5:AB85E36489680373000DFE19EA7D5ECA
SHA256:EC5CE3842992714677495D3EBBD0D87C3BD2AE59279CFC08E4589982CB5B301F
HTTP(S) requests
10
TCP/UDP connections
53
DNS requests
23
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2120
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1420
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
3300
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3300
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
3324
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6632
svchost.exe
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.78
whitelisted
login.live.com
  • 20.190.159.4
  • 40.126.31.73
  • 40.126.31.67
  • 20.190.159.68
  • 20.190.159.75
  • 20.190.159.23
  • 20.190.159.0
  • 40.126.31.71
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.30.17.189
whitelisted
arc.msn.com
  • 20.223.36.55
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
browser.pipe.aria.microsoft.com
  • 20.42.73.31
whitelisted

Threats

No threats detected
No debug info