File name: gpg4win-4.4.0.exe

Full analysis: https://app.any.run/tasks/a1d6a5b5-87cf-4917-88dc-6bbcc1a92b00
Verdict: Malicious activity
Analysis date: January 28, 2025, 13:08:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive, 7 sections
MD5: 3299AC2698D997B1A8A0E3C2C393C45A
SHA1: 5C5E06F9F36D816BA14847D813127C9510836394
SHA256: 765673854C1503602B09C97BFA6C72B534E2414185FB2F23A0CE19CF8CECD891
SSDEEP: 196608:nAsmKs5/H+JRSVyTws1cnQs/u4oIIGlxT8jDZXIsa62y91wXcvTDB:AMw/HlVyEsAL1ldKtLnyX+Tt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • gpg4win-4.4.0.exe (PID: 6924)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • gpg4win-4.4.0.exe (PID: 6924)
      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • gpg4win-4.4.0.exe (PID: 6924)
      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
    • Reads security settings of Internet Explorer

      • gpg4win-4.4.0.exe (PID: 6924)
    • Reads Microsoft Outlook installation path

      • gpg4win-4.4.0.exe (PID: 6924)
    • There is functionality for taking screenshot (YARA)

      • gpg4win-4.4.0.exe (PID: 6924)
      • kleopatra.exe (PID: 2928)
    • The process creates files with name similar to system file names

      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
      • gpg4win-4.4.0.exe (PID: 6924)
    • Creates a software uninstall entry

      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
      • gpg4win-4.4.0.exe (PID: 6924)
    • Creates/Modifies COM task schedule object

      • gpg4win-4.4.0.exe (PID: 6924)
      • regsvr32.exe (PID: 5488)
      • regsvr32.exe (PID: 6444)
  • INFO

    • Checks supported languages

      • gpg4win-4.4.0.exe (PID: 6924)
      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
      • kleopatra.exe (PID: 2928)
      • gpgconf.exe (PID: 836)
      • gpgme-w32spawn.exe (PID: 4716)
      • gpgme-w32spawn.exe (PID: 624)
      • gpgme-w32spawn.exe (PID: 5004)
      • gpgconf.exe (PID: 6004)
      • gpg.exe (PID: 5244)
      • gpgsm.exe (PID: 2804)
      • gpgme-w32spawn.exe (PID: 6160)
      • gpgconf.exe (PID: 1792)
      • gpgconf.exe (PID: 6564)
      • gpgconf.exe (PID: 6412)
      • gpg.exe (PID: 6784)
      • gpg-connect-agent.exe (PID: 6588)
      • gpg-agent.exe (PID: 1016)
      • gpgconf.exe (PID: 3700)
      • dirmngr.exe (PID: 6072)
      • gpg-agent.exe (PID: 6596)
      • gpgconf.exe (PID: 6220)
      • gpgme-w32spawn.exe (PID: 3040)
      • gpgme-w32spawn.exe (PID: 6700)
      • gpgconf.exe (PID: 556)
      • gpg.exe (PID: 6908)
      • gpgme-w32spawn.exe (PID: 6760)
      • gpgsm.exe (PID: 7004)
      • gpgme-w32spawn.exe (PID: 7040)
      • gpgconf.exe (PID: 3488)
      • keyboxd.exe (PID: 7100)
      • gpgme-w32spawn.exe (PID: 1704)
      • gpgconf.exe (PID: 7080)
      • gpg-agent.exe (PID: 6956)
      • gpg-agent.exe (PID: 2904)
    • Reads the computer name

      • gpg4win-4.4.0.exe (PID: 6924)
      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
      • kleopatra.exe (PID: 2928)
    • Creates files in the program directory

      • gpg4win-4.4.0.exe (PID: 6924)
      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
    • The sample was compiled with English language support

      • gpg4win-4.4.0.exe (PID: 6924)
      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
    • Creates files in a temporary directory

      • gpg4win-4.4.0.exe (PID: 6924)
      • gnupg-w32-2.4.7_20241125-bin.exe (PID: 7056)
      • kleopatra.exe (PID: 2928)
    • Reads the machine GUID from the registry

      • kleopatra.exe (PID: 2928)
      • gpg-agent.exe (PID: 6596)
    • Manual execution by a user

      • kleopatra.exe (PID: 2928)
    • Creates files or folders in the user directory

      • kleopatra.exe (PID: 2928)
      • gpgconf.exe (PID: 836)
      • gpg-connect-agent.exe (PID: 6588)
      • gpg-agent.exe (PID: 6596)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:29 19:32:12+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.34
CodeSize: 38400
InitializedDataSize: 41472
UninitializedDataSize: 131072
EntryPoint: 0x4648
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.4.0.22704
ProductVersionNumber: 4.4.0.22704
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: Gpg4win is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License. You should have received a copy of the GNU General Public License along with this software; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
CompanyName: g10 Code GmbH
FileDescription: Gpg4win: The GNU Privacy Guard and Tools for Windows
FileVersion: 4.4.0.22704
LegalCopyright: Copyright (C) 2023 g10 Code GmbH
LegalTrademarks: -
ProductName: Gpg4win (4.4.0)
No data.
All screenshots are available in the full report
Total processes: 170
Monitored processes: 58
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process chain in start order ("no specs" marks a process with no indicators of its own): gpg4win-4.4.0.exe, gnupg-w32-2.4.7_20241125-bin.exe, regsvr32.exe (no specs), regsvr32.exe, regsvr32.exe (no specs), regsvr32.exe (no specs), kleopatra.exe, gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), gpgme-w32spawn.exe (no specs), gpg.exe (no specs), conhost.exe (no specs), gpgme-w32spawn.exe (no specs), gpgsm.exe (no specs), conhost.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), gpgconf.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), conhost.exe (no specs), dirmngr.exe (no specs), gpg-agent.exe (no specs), gpg-connect-agent.exe (no specs), gpg-agent.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), gpg.exe (no specs), gpg.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), gpgsm.exe (no specs), gpgsm.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), keyboxd.exe (no specs), keyboxd.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), gpg-agent.exe (no specs), gpg-agent.exe (no specs), gpgme-w32spawn.exe (no specs), gpgconf.exe (no specs), conhost.exe (no specs), scdaemon.exe (no specs), gpg4win-4.4.0.exe (no specs)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID 488 | conhost.exe | parent: gpgconf.exe
  CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
  Path: C:\Windows\System32\conhost.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Exit code: 0
  Description: Console Window Host
  Version: 10.0.19041.1 (WinBuild.160101.0800)
  Modules (images): c:\windows\system32\conhost.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\shcore.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 556 | gpgconf.exe | parent: gpgme-w32spawn.exe
  CMD: "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-options" "gpgsm"
  Path: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
  User: admin | Company: g10 Code GmbH | Integrity level: MEDIUM | Exit code: 0
  Description: GnuPG's config tool
  Version: 2.4.7 (7bdaf5647) built on <anon> at <none>
PID 624 | gpgme-w32spawn.exe | parent: kleopatra.exe
  CMD: "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\admin\\AppData\\Local\\Temp\\gpgme-tw2skO" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components"
  Path: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe
  User: admin | Integrity level: MEDIUM | Exit code: 0
  Modules (images): c:\program files (x86)\gpg4win\bin\gpgme-w32spawn.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\msvcrt.dll
PID 836 | gpgconf.exe | parent: gpgme-w32spawn.exe
  CMD: "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-dirs"
  Path: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
  User: admin | Company: g10 Code GmbH | Integrity level: MEDIUM | Exit code: 0
  Description: GnuPG's config tool
  Version: 2.4.7 (7bdaf5647) built on <anon> at <none>
  Modules (images): c:\program files (x86)\gnupg\bin\gpgconf.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\advapi32.dll
PID 1016 | gpg-agent.exe | parent: gpgconf.exe
  CMD: "C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe" --gpgconf-test
  Path: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe
  User: admin | Company: g10 Code GmbH | Integrity level: MEDIUM | Exit code: 0
  Description: GnuPG's private key daemon
  Version: 2.4.7 (7bdaf5647) built on <anon> at <none>
  Modules (images): c:\program files (x86)\gnupg\bin\gpg-agent.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\advapi32.dll
PID 1292 | gpgconf.exe | parent: gpgme-w32spawn.exe
  CMD: "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-options" "scdaemon"
  Path: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
  User: admin | Company: g10 Code GmbH | Integrity level: MEDIUM
  Description: GnuPG's config tool
  Version: 2.4.7 (7bdaf5647) built on <anon> at <none>
PID 1704 | gpgme-w32spawn.exe | parent: kleopatra.exe
  CMD: "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\admin\\AppData\\Local\\Temp\\gpgme-4eSM3o" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-options" "gpg-agent"
  Path: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe
  User: admin | Integrity level: MEDIUM | Exit code: 0
PID 1792 | gpgconf.exe | parent: gpgme-w32spawn.exe
  CMD: "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--version"
  Path: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
  User: admin | Company: g10 Code GmbH | Integrity level: MEDIUM | Exit code: 0
  Description: GnuPG's config tool
  Version: 2.4.7 (7bdaf5647) built on <anon> at <none>
  Modules (images): c:\program files (x86)\gnupg\bin\gpgconf.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\advapi32.dll
PID 2292 | gpgsm.exe | parent: gpgconf.exe
  CMD: "C:\Program Files (x86)\GnuPG\bin\gpgsm.exe" --dump-option-table
  Path: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe
  User: admin | Company: g10 Code GmbH | Integrity level: MEDIUM | Exit code: 0
  Description: GnuPG's X.509/CMS tool
  Version: 2.4.7 (7bdaf5647) built on <anon> at <none>
PID 2452 | conhost.exe | parent: gpgconf.exe
  CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
  Path: C:\Windows\System32\conhost.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Exit code: 0
  Description: Console Window Host
  Version: 10.0.19041.1 (WinBuild.160101.0800)
  Modules (images): c:\windows\system32\conhost.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\shcore.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
Total events: 5 277 (read: 5 155, write: 121, delete: 1)

Modification events

PID 6924 gpg4win-4.4.0.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Gpg4win | write "Install Directory" = C:\Program Files (x86)\Gpg4win
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GnuPG | write "Install Directory" = C:\Program Files (x86)\Gpg4win\..\GnuPG
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "UninstallString" = "C:\Program Files (x86)\Gpg4win\..\GnuPG\gnupg-uninstall.exe"
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "InstallLocation" = C:\Program Files (x86)\Gpg4win\..\GnuPG
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "DisplayName" = GNU Privacy Guard
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "DisplayIcon" = C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe,0
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "DisplayVersion" = 2.4.7
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "Publisher" = The GnuPG Project
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "URLInfoAbout" = https://gnupg.org
PID 7056 gnupg-w32-2.4.7_20241125-bin.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG | write "NoModify" = 1
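The bundled GnuPG installer records its paths relative to the Gpg4win directory, so the registry ends up holding unnormalized values such as C:\Program Files (x86)\Gpg4win\..\GnuPG. Here that is harmless: the ".." resolves to a sibling directory that is still under Program Files (x86). But an UninstallString or DisplayIcon that only looks like it points into Program Files, and normalizes to somewhere else, would slip past a plain string comparison against the install root. The script below is an added example and not part of the ANY.RUN report; it takes the path-bearing values from the table above, normalizes them with ntpath (Windows path rules, usable on a Linux analysis host too) and reports where each one really points. The record layout, the TRUSTED_ROOTS list and the function names are this example's own choices.

```python
"""Normalize and check the install paths an installer writes to the registry.

Added example, not part of the ANY.RUN report. The records below are copied
from the report's 'Modification events' table (path-bearing values only);
the record layout and helper names are this example's own.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class RegWrite:
    pid: int
    process: str
    key: str
    name: str
    value: str


UNINSTALL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG"
GNUPG_INSTALLER = "gnupg-w32-2.4.7_20241125-bin.exe"

EVENTS = [
    RegWrite(6924, "gpg4win-4.4.0.exe", r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Gpg4win",
             "Install Directory", r"C:\Program Files (x86)\Gpg4win"),
    RegWrite(7056, GNUPG_INSTALLER, r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GnuPG",
             "Install Directory", r"C:\Program Files (x86)\Gpg4win\..\GnuPG"),
    RegWrite(7056, GNUPG_INSTALLER, UNINSTALL_KEY, "UninstallString",
             r'"C:\Program Files (x86)\Gpg4win\..\GnuPG\gnupg-uninstall.exe"'),
    RegWrite(7056, GNUPG_INSTALLER, UNINSTALL_KEY, "InstallLocation",
             r"C:\Program Files (x86)\Gpg4win\..\GnuPG"),
    RegWrite(7056, GNUPG_INSTALLER, UNINSTALL_KEY, "DisplayIcon",
             r"C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe,0"),
]

# Directories an installer running as admin is expected to write into (assumption).
TRUSTED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)")


def normalize(path: str) -> str:
    """Collapse '.' and '..' components the way Windows will when the path is used.

    ntpath applies Windows rules on any host, so this works on a Linux analysis box.
    """
    return ntpath.normpath(path)


def referenced_path(name: str, value: str) -> Optional[str]:
    """Extract the filesystem path from a registry value, by value name.

    Install Directory / InstallLocation hold a bare directory; UninstallString is a
    command line whose program may be quoted; DisplayIcon may carry a trailing
    ',<icon index>'. Other value names carry no path (returns None).
    """
    if name in ("Install Directory", "InstallLocation"):
        return value
    if name == "UninstallString":
        v = value.strip()
        if v.startswith('"'):
            return v[1:v.index('"', 1)]
        return v.split(" ", 1)[0]
    if name == "DisplayIcon":
        path, sep, idx = value.rpartition(",")
        return path if sep and idx.strip().lstrip("-").isdigit() else value
    return None


def under_trusted_root(path: str) -> bool:
    """True if the *normalized* path is one of TRUSTED_ROOTS or lies below it."""
    norm = ntpath.normcase(normalize(path))
    for root in TRUSTED_ROOTS:
        r = ntpath.normcase(root)
        if norm == r or norm.startswith(r + "\\"):
            return True
    return False


def audit(events: List[RegWrite]) -> List[dict]:
    """One finding per path-bearing value: raw vs normalized path, traversal, trust."""
    findings = []
    for e in events:
        raw = referenced_path(e.name, e.value)
        if raw is None:
            continue
        findings.append({
            "pid": e.pid,
            "process": e.process,
            "name": e.name,
            "raw": raw,
            "normalized": normalize(raw),
            "traversal": ".." in raw.split("\\"),
            "trusted_root": under_trusted_root(raw),
        })
    return findings


if __name__ == "__main__":
    for f in audit(EVENTS):
        flag = "" if f["trusted_root"] else "  <-- outside Program Files"
        print(f'{f["pid"]} {f["name"]}: {f["raw"]} -> {f["normalized"]}{flag}')
```

For the five values in this report every normalized path stays under C:\Program Files (x86); four of them contain a ".." component, which is why the comparison has to run on the normalized form rather than on the raw string.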
Executable files: 134
Suspicious files: 953
Text files: 146
Unknown types: 8

Dropped files

Columns: PID | Process | Filename | Type | MD5 | SHA256
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\LangDLL.dll | executable
  MD5: 20850D4D5416FBFD6A02E8A120F360FC | SHA256: 860B409B065B747AAB2A9937F02D08B6FD7309993B50D8E4B53983C8C2B56B61
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\System.dll | executable
  MD5: 4F25D99BF1375FE5E61B037B2616695D | SHA256: 803931797D95777248DEE4F2A563AED51FE931D2DD28FAEC507C69ED0F26F647
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\UserInfo.dll | executable
  MD5: 9C8190BF734E58469EEB894B04C9FDA0 | SHA256: 88860534A424835A4BC47D3DB8D0F4B1481442ED3EFDEB7338A7DDF616651A60
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\modern-header.bmp | image
  MD5: 7823DFF3B752711D4A98B89FF52EB60A | SHA256: 5364168D3EFEFED24331CF89B7A54DE4907D524C3A6BAC98D0DFD626B967A16B
PID 6924 gpg4win-4.4.0.exe | C:\Program Files (x86)\Gpg4win\share\gpg4win\HOWTO-SMIME.de.txt | text
  MD5: D764AC539DF4C810195A7DF7FD05A014 | SHA256: E0078E793C0604D77B09AD33706F071F22E63B6F22C4E5BE787FFC3F2221ADAE
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\modern-wizard.bmp | image
  MD5: 5AEDFE21C520C2B506C5E1FA6259121E | SHA256: ABD76ED6755782D7A2FDA3EE9E0C8ECAD259E977D9D40C48B5FA3701B275FABB
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\Slides\slide1-gpgol.png | image
  MD5: 205B928C28E330575CD59D5CD8E1A914 | SHA256: 88A049FF7878F56E4E15B412E0A3E1CD1FA690943AD1E79400B50C7F9116400E
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\nsDialogs.dll | executable
  MD5: 2029C44871670EEC937D1A8C1E9FAA21 | SHA256: A4AE6D33F940A80E8FE34537C5CC1F8B8679C979607969320CFB750C15809AC2
PID 6924 gpg4win-4.4.0.exe | C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\Slides\slide2-gpgex.png | image
  MD5: 3E2AE828F2A265C62D4014834DC2C5B5 | SHA256: 7AAB978BF32C2289E855ED22D7DDBC4D26EFDA8AD50A6A2DC04EDA7ABEC41B58
PID 6924 gpg4win-4.4.0.exe | C:\Program Files (x86)\Gpg4win\bin\sha1sum.exe | executable
  MD5: 03B34731525F5F61F433D09C91414551 | SHA256: 59E463DCD205029FFD99B93B7CDA93649AD05060084AEF9EE238171D85B7B8FE
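The four DLLs dropped into nsjADD9.tmp (LangDLL.dll, System.dll, UserInfo.dll, nsDialogs.dll) are the stock plug-ins that every Nullsoft (NSIS) installer extracts into its plug-in directory under %TEMP%, and the file header above already identifies the sample as a Nullsoft self-extracting archive. The "System.dll in Temp" heuristic therefore tells you that the sample is an NSIS installer, not that it is malware. What separates a trojanized Gpg4win build from the genuine one is the hash of the installer itself, compared with the checksum the vendor publishes, plus whether any executable lands outside the plug-in directory and the install directory. The script below is an added example, not code from the ANY.RUN report or from the Gpg4win project: it buckets the executable rows of the table above by where they were written and lets you check a local copy of the installer against the report's MD5/SHA-1/SHA-256. The record layout, bucket names and function names are this example's own.

```python
"""Triage of the 'Dropped files' table of an installer sandbox run.

Added example, not part of the ANY.RUN report. The records below are copied
from the report's dropped-files table (executable rows only); the hash helpers
take file bytes so they can be run against a local copy of the installer.
"""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Hashes of gpg4win-4.4.0.exe as listed in the report header.
REPORT_SAMPLE_HASHES = {
    "md5": "3299ac2698d997b1a8a0e3c2c393c45a",
    "sha1": "5c5e06f9f36d816ba14847d813127c9510836394",
    "sha256": "765673854c1503602b09c97bfa6c72b534e2414185fb2f23a0ce19cf8cecd891",
}

# NSIS names its plug-in directory ($PLUGINSDIR) %TEMP%\ns<letter><4 hex>.tmp ...
NSIS_PLUGINSDIR_RE = re.compile(r"^ns[a-z][0-9a-f]{4}\.tmp$", re.IGNORECASE)
# ... and these four DLLs ship with a stock NSIS distribution.
STOCK_NSIS_PLUGINS = {"system.dll", "nsdialogs.dll", "langdll.dll", "userinfo.dll"}


@dataclass(frozen=True)
class DroppedFile:
    pid: int
    process: str
    path: str
    ftype: str
    md5: str
    sha256: str


# Executable rows of the report's dropped-files table.
DROPPED = [
    DroppedFile(6924, "gpg4win-4.4.0.exe",
                r"C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\LangDLL.dll", "executable",
                "20850D4D5416FBFD6A02E8A120F360FC",
                "860B409B065B747AAB2A9937F02D08B6FD7309993B50D8E4B53983C8C2B56B61"),
    DroppedFile(6924, "gpg4win-4.4.0.exe",
                r"C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\System.dll", "executable",
                "4F25D99BF1375FE5E61B037B2616695D",
                "803931797D95777248DEE4F2A563AED51FE931D2DD28FAEC507C69ED0F26F647"),
    DroppedFile(6924, "gpg4win-4.4.0.exe",
                r"C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\UserInfo.dll", "executable",
                "9C8190BF734E58469EEB894B04C9FDA0",
                "88860534A424835A4BC47D3DB8D0F4B1481442ED3EFDEB7338A7DDF616651A60"),
    DroppedFile(6924, "gpg4win-4.4.0.exe",
                r"C:\Users\admin\AppData\Local\Temp\nsjADD9.tmp\nsDialogs.dll", "executable",
                "2029C44871670EEC937D1A8C1E9FAA21",
                "A4AE6D33F940A80E8FE34537C5CC1F8B8679C979607969320CFB750C15809AC2"),
    DroppedFile(6924, "gpg4win-4.4.0.exe",
                r"C:\Program Files (x86)\Gpg4win\bin\sha1sum.exe", "executable",
                "03B34731525F5F61F433D09C91414551",
                "59E463DCD205029FFD99B93B7CDA93649AD05060084AEF9EE238171D85B7B8FE"),
]


def classify(path: str) -> str:
    """Bucket a dropped executable by where it landed.

    nsis-plugin      stock NSIS plug-in inside an ns????.tmp directory under Temp
    temp-executable  any other executable written under Temp (worth a closer look)
    install-dir      written under Program Files / Program Files (x86)
    other            anywhere else
    """
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    if "temp" in parts:
        if NSIS_PLUGINSDIR_RE.match(p.parent.name) and p.name.lower() in STOCK_NSIS_PLUGINS:
            return "nsis-plugin"
        return "temp-executable"
    if len(parts) > 1 and parts[1] in ("program files", "program files (x86)"):
        return "install-dir"
    return "other"


def summarize(records) -> dict:
    """Count executables per bucket; 'temp-executable' and 'other' need review."""
    return dict(Counter(classify(r.path) for r in records if r.ftype == "executable"))


def hash_bytes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a file's contents as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_mismatches(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every digest that does not match.

    An empty dict means the local file is byte-for-byte the analysed sample, so
    this report applies to it. Compare the same digests against the vendor's
    published checksum before trusting the installer itself.
    """
    actual = hash_bytes(data)
    return {algo: (exp.lower(), actual[algo]) for algo, exp in expected.items()
            if actual[algo] != exp.lower()}


if __name__ == "__main__":
    import sys
    print("dropped executables by location:", summarize(DROPPED))
    if len(sys.argv) > 1:  # usage: python triage.py gpg4win-4.4.0.exe
        with open(sys.argv[1], "rb") as fh:
            bad = hash_mismatches(fh.read(), REPORT_SAMPLE_HASHES)
        print("matches report sample" if not bad else f"hash mismatch: {bad}")
```

On this report the five executables split into four "nsis-plugin" entries and one "install-dir" entry (sha1sum.exe); nothing executable was written to Temp outside the plug-in directory.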
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 29
TCP/UDP connections: 81
DNS requests: 60
Threats: 0

HTTP requests

Columns: PID Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
[4712 MoUsoCoreWorker.exe] GET 200 23.48.23.192:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
[4712 MoUsoCoreWorker.exe] GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
[PID/process not shown] GET 401 13.107.6.158:443 https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | CN: unknown
[PID/process not shown] GET (no code) 209.51.188.116:443 https://www.gnu.org/licenses/ | CN: unknown
[PID/process not shown] GET (no code) 209.51.188.174:443 https://www.fsf.org/blogs/community/psychological-care-should-grant-you-freedom-and-protection/@@images/11a058d4-e7c7-420d-9525-ca67857dc239.png | CN: unknown
[PID/process not shown] GET 200 13.107.253.45:443 https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable | CN: unknown | binary, 14.3 Kb | whitelisted
[PID/process not shown] GET 200 13.107.21.239:443 https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | CN: unknown | binary, 1.01 Kb | whitelisted
[PID/process not shown] GET 200 13.107.42.16:443 https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | CN: unknown | binary, 768 b | whitelisted
[PID/process not shown] GET 301 209.51.188.174:443 https://fsf.org/ | CN: unknown | html, 185 b | whitelisted
[PID/process not shown] GET 401 13.107.6.158:443 https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | CN: unknown | binary, 587 b | whitelisted

Connections

Columns: PID Process | IP | Domain | ASN | CN | Reputation
[4 System] 192.168.100.255:138 | whitelisted
[PID/process not shown] 104.126.37.136:443 | Akamai International B.V. | DE | unknown
[PID/process not shown] 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
[4712 MoUsoCoreWorker.exe] 23.48.23.192:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
[4712 MoUsoCoreWorker.exe] 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
[4 System] 192.168.100.255:137 | whitelisted
[5064 SearchApp.exe] 104.126.37.153:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
[PID/process not shown] 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
[PID/process not shown] 239.255.255.250:1900 | whitelisted
[PID/process not shown] 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 23.48.23.192
  • 23.48.23.145
  • 23.48.23.178
  • 23.48.23.141
  • 23.48.23.181
  • 23.48.23.173
  • 23.48.23.138
  • 23.48.23.180
  • 23.48.23.191
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.153
  • 104.126.37.137
  • 104.126.37.144
  • 104.126.37.171
  • 104.126.37.178
  • 104.126.37.154
  • 104.126.37.139
  • 104.126.37.128
  • 104.126.37.130
whitelisted
self.events.data.microsoft.com
  • 52.168.117.168
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
fsf.org
  • 209.51.188.174
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

No threats detected
Debug output (Process | Message)
gpg4win-4.4.0.exe | Created: CLSID\{42d30988-1a3a-11da-c687-000d6080e735}
regsvr32.exe | Created: CLSID\{42d30988-1a3a-11da-c687-000d6080e735}
kleopatra.exe | org.kde.pim.kleopatra: Startup timing: 72 ms: Application created
kleopatra.exe | org.kde.pim.kleopatra: Responder handle: 0x0
kleopatra.exe | org.kde.pim.kleopatra: Application created
kleopatra.exe | org.kde.pim.kleopatra: Created responder: "kleopatraResponder" with handle: 0x50288
kleopatra.exe | org.kde.pim.kleopatra: Startup timing: 81 ms: Starting version info check
kleopatra.exe | org.kde.pim.kleopatra: Startup timing: 80 ms: GPGME Initialized