URL: https://www.ablebits.com/downloads/index.php

Full analysis: https://app.any.run/tasks/851b9c01-e4d5-4aa9-87f1-fb8cbfd4ee91
Verdict: Malicious activity
Analysis date: January 27, 2025, 15:14:59
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
arch-scr
arch-html
delphi
Indicators:
MD5: 2E69F9764133489949B9EC561FBD29A2
SHA1: D8133199F7BAEF54B25BEDAE6E19CEDD491C45CD
SHA256: 79A9F72FFB127DE60674CC063DA0D00840DB5F4B5DC4BFF42F7277C3262E0D09
SSDEEP: 3:N8DSLcwyKIKBKXKphHn:2OLTyNaPHn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • rundll32.exe (PID: 7960)
      • rundll32.exe (PID: 6324)
      • rundll32.exe (PID: 6072)
      • rundll32.exe (PID: 6304)
      • rundll32.exe (PID: 5912)
      • rundll32.exe (PID: 3640)
      • rundll32.exe (PID: 7940)
      • rundll32.exe (PID: 1220)
      • rundll32.exe (PID: 5980)
      • rundll32.exe (PID: 1684)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 7684)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7684)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 7684)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 7684)
    • Adds/modifies Windows certificates

      • MSI8947.tmp (PID: 7916)
    • Reads security settings of Internet Explorer

      • MSI8A52.tmp (PID: 4740)
    • Sets XML DOM element text (SCRIPT)

      • splwow64.exe (PID: 7460)
    • Creates/Modifies COM task schedule object

      • MSI8A52.tmp (PID: 4740)
      • MSI9C44.tmp (PID: 7956)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 6692)
      • msedge.exe (PID: 2728)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6692)
      • WinRAR.exe (PID: 8036)
      • msedge.exe (PID: 6912)
      • msiexec.exe (PID: 7520)
      • msiexec.exe (PID: 7684)
      • msedge.exe (PID: 7388)
    • The sample compiled with english language support

      • msedge.exe (PID: 6692)
      • WinRAR.exe (PID: 8036)
      • msedge.exe (PID: 6912)
      • msiexec.exe (PID: 7684)
      • msedge.exe (PID: 7388)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 7520)
      • splwow64.exe (PID: 7460)
    • Manual execution by a user

      • msiexec.exe (PID: 7520)
      • mmc.exe (PID: 7016)
      • mmc.exe (PID: 4932)
    • Reads the computer name

      • msiexec.exe (PID: 6160)
      • identity_helper.exe (PID: 4384)
      • msiexec.exe (PID: 7684)
      • MSI9C44.tmp (PID: 7956)
      • MSIA5CC.tmp (PID: 4392)
      • identity_helper.exe (PID: 7288)
      • AblebitsLoader.exe (PID: 6440)
    • Checks supported languages

      • identity_helper.exe (PID: 4384)
      • msiexec.exe (PID: 6160)
      • msiexec.exe (PID: 7684)
      • MSI8947.tmp (PID: 7916)
      • MSI8A52.tmp (PID: 4740)
      • MSI9C44.tmp (PID: 7956)
      • MSIA5CC.tmp (PID: 4392)
      • MSIA61B.tmp (PID: 6212)
      • identity_helper.exe (PID: 7288)
      • AblebitsLoader.exe (PID: 6440)
    • Reads the software policy settings

      • msiexec.exe (PID: 7520)
      • msiexec.exe (PID: 7684)
      • rundll32.exe (PID: 1684)
    • Checks proxy server information

      • msiexec.exe (PID: 7520)
    • Reads Environment values

      • identity_helper.exe (PID: 4384)
      • identity_helper.exe (PID: 7288)
    • Create files in a temporary directory

      • rundll32.exe (PID: 7960)
      • rundll32.exe (PID: 6324)
      • rundll32.exe (PID: 6304)
      • rundll32.exe (PID: 6072)
      • rundll32.exe (PID: 5912)
      • MSI8A52.tmp (PID: 4740)
      • MSI9C44.tmp (PID: 7956)
      • rundll32.exe (PID: 3640)
      • rundll32.exe (PID: 7940)
      • rundll32.exe (PID: 5980)
      • rundll32.exe (PID: 1220)
      • rundll32.exe (PID: 1684)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 7520)
      • msiexec.exe (PID: 7684)
    • Compiled with Borland Delphi (YARA)

      • msiexec.exe (PID: 7520)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 7684)
      • MSI8947.tmp (PID: 7916)
      • MSI8A52.tmp (PID: 4740)
      • MSI9C44.tmp (PID: 7956)
      • MSIA61B.tmp (PID: 6212)
    • Reads Microsoft Office registry keys

      • rundll32.exe (PID: 5912)
      • MSI8A52.tmp (PID: 4740)
      • MSI9C44.tmp (PID: 7956)
    • Process checks whether UAC notifications are on

      • MSI8A52.tmp (PID: 4740)
      • MSI9C44.tmp (PID: 7956)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 7684)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7684)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 247
Monitored processes: 103
Malicious processes: 3
Suspicious processes: 1

Behavior graph

start iexplore.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msiexec.exe msiexec.exe msiexec.exe no specs rundll32.exe rundll32.exe rundll32.exe msedge.exe no specs msedge.exe no specs msiexec.exe no specs rundll32.exe rundll32.exe msi8947.tmp msi8a52.tmp no specs msi9c44.tmp no specs msedge.exe no specs rundll32.exe msia5cc.tmp msia61b.tmp msedge.exe no specs msedge.exe no specs rundll32.exe rundll32.exe rundll32.exe excel.exe rundll32.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs ablebitsloader.exe no specs mmc.exe no specs mmc.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs splwow64.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4364 --field-trial-handle=2312,i,15825353101170042686,2211810006290328596,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 880
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6960 --field-trial-handle=2312,i,15825353101170042686,2211810006290328596,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1220
CMD: rundll32.exe "C:\Users\admin\AppData\Local\Temp\MSIDB31.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1366921 44 AblebitsInstallUtils!AblebitsInstallUtils.CustomActions.RunExcel
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1684
CMD: rundll32.exe "C:\Users\admin\AppData\Local\Temp\MSIE525.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1369421 51 AblebitsInstallUtils!AblebitsInstallUtils.CustomActions.OpenCleanInstallLink_Personal
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2088
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5336 --field-trial-handle=2312,i,10840083070674776663,11567212428449076918,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5092 --field-trial-handle=2312,i,10840083070674776663,11567212428449076918,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2200
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5316 --field-trial-handle=2312,i,10840083070674776663,11567212428449076918,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2200
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3920 --field-trial-handle=2312,i,10840083070674776663,11567212428449076918,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2728
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3052
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6684 --field-trial-handle=2312,i,15825353101170042686,2211810006290328596,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
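The two rundll32.exe entries above (PIDs 1220 and 1684) are not rundll32 proxy-execution of an arbitrary DLL. The export name zzzzInvokeManagedCustomActionOutOfProc is the out-of-process entry point of WiX Deployment Tools Foundation (DTF) managed custom actions: msiexec writes the DTF SfxCA stub to %TEMP% as MSIxxxx.tmp, rundll32 loads it, and the stub unpacks the managed custom-action assembly (here AblebitsInstallUtils) into a temporary directory before invoking it. That unpacking is what the "Executable content was dropped or overwritten" and "Create files in a temporary directory" signatures on those PIDs are picking up. The remaining arguments are the named pipe (SfxCA_<n>) over which the child talks back to the installer session, a numeric value that the editor reads as the MSI session handle (an interpretation of the DTF source, not something the report states), and the entry point in Assembly!Namespace.Class.Method form. The following Python is an added example written by the editor; it is not part of the ANY.RUN report or of the Ablebits installer. It parses such command lines into their components and separates DTF custom-action launches from other rundll32 invocations, so the same pattern can be reused over process-creation telemetry. The first two sample lines are copied from this report; the third is a constructed, hypothetical non-DTF line added for contrast.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input. The first two lines are the rundll32 command lines recorded
# in this report for PID 1220 and PID 1684; the third is a hypothetical, constructed
# rundll32 line that is NOT a WiX DTF custom action and exists only for contrast.
SAMPLE_CMDLINES = [
    'rundll32.exe "C:\\Users\\admin\\AppData\\Local\\Temp\\MSIDB31.tmp",zzzzInvokeManagedCustomActionOutOfProc '
    'SfxCA_1366921 44 AblebitsInstallUtils!AblebitsInstallUtils.CustomActions.RunExcel',
    'rundll32.exe "C:\\Users\\admin\\AppData\\Local\\Temp\\MSIE525.tmp",zzzzInvokeManagedCustomActionOutOfProc '
    'SfxCA_1369421 51 AblebitsInstallUtils!AblebitsInstallUtils.CustomActions.OpenCleanInstallLink_Personal',
    'rundll32.exe "C:\\Users\\admin\\AppData\\Local\\Temp\\example.tmp",DllMainEntry',  # hypothetical
]

# Shape of a WiX DTF out-of-process managed custom action launch:
#   rundll32.exe "<SfxCA stub>",zzzzInvokeManagedCustomActionOutOfProc <pipe> <handle> <Assembly>!<Type>.<Method>
SFXCA_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"(?P<dll>[^"]+)",zzzzInvokeManagedCustomActionOutOfProc'
    r'\s+(?P<pipe>SfxCA_\d+)\s+(?P<handle>\d+)'
    r'\s+(?P<assembly>[^!\s]+)!(?P<type>[\w.]+)\.(?P<method>\w+)\s*$',
    re.IGNORECASE,
)

# msiexec writes the stub as %TEMP%\MSI<4 hex digits>.tmp; a stub anywhere else deserves a look.
MSI_TMP_RE = re.compile(r'\\AppData\\Local\\Temp\\MSI[0-9A-F]{4}\.tmp$', re.IGNORECASE)


@dataclass
class SfxCustomAction:
    dll_path: str        # the SfxCA stub msiexec dropped (MSIxxxx.tmp)
    pipe_name: str       # named pipe back to the MSI session (SfxCA_<n>)
    session_handle: int  # numeric MSI session handle (assumption: editor's reading of DTF)
    assembly: str        # managed assembly the stub unpacks and loads
    type_name: str       # fully qualified CLR type holding the custom action
    method: str          # custom action method that is invoked


def parse_sfxca_cmdline(cmdline: str) -> Optional[SfxCustomAction]:
    """Return the parsed custom action, or None if this is some other rundll32 launch."""
    m = SFXCA_RE.match(cmdline.strip())
    if m is None:
        return None
    return SfxCustomAction(
        dll_path=m.group("dll"),
        pipe_name=m.group("pipe"),
        session_handle=int(m.group("handle")),
        assembly=m.group("assembly"),
        type_name=m.group("type"),
        method=m.group("method"),
    )


def classify(cmdline: str) -> dict:
    """Triage one rundll32 command line into a flat record suitable for a hunt query."""
    ca = parse_sfxca_cmdline(cmdline)
    if ca is None:
        # Anything that is not a DTF launch stays a plain rundll32 proxy-execution candidate.
        return {"kind": "other-rundll32", "cmdline": cmdline}
    return {
        "kind": "wix-dtf-managed-ca",
        "entry_point": f"{ca.assembly}!{ca.type_name}.{ca.method}",
        "stub_in_msi_temp": bool(MSI_TMP_RE.search(ca.dll_path)),
        "pipe": ca.pipe_name,
        "session_handle": ca.session_handle,
    }


def triage(cmdlines) -> list:
    """Classify every command line. DTF launches whose stub sits outside the msiexec
    temp naming scheme, and any non-DTF rundll32 line, are the ones left for review."""
    return [classify(c) for c in cmdlines]


if __name__ == "__main__":
    for row in triage(SAMPLE_CMDLINES):
        print(row)
```

Applied to this report, both launches resolve to stubs named the way msiexec writes them, so the open question is not the rundll32 mechanism but what the two custom-action methods do. The method name RunExcel is consistent with the excel.exe node in the behaviour graph, and OpenCleanInstallLink_Personal with the msedge.exe launches that follow the installer; the report does not show the assembly itself, so that remains an inference to confirm against the dropped files in the full report.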
Total events: 44 911
Read events: 41 411
Write events: 3 425
Delete events: 75

Modification events

PID: 6492  Process: iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write  Name: CachePrefix
Value:

PID: 6492  Process: iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write  Name: CachePrefix
Value: Cookie:

PID: 6492  Process: iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write  Name: CachePrefix
Value: Visited:

PID: 6492  Process: iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write  Name: CompatibilityFlags
Value: 0

PID: 6492  Process: iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write  Name: SecuritySafe
Value: 1

PID: 6492  Process: iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write  Name: DisableFirstRunCustomize
Value: 1

PID: 6692  Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write  Name: failed_count
Value: 0

PID: 6692  Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write  Name: state
Value: 2

PID: 6692  Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write  Name: state
Value: 1

PID: 6692  Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write  Name: user_experience_metrics.stability.exited_cleanly
Value: 0
Executable files: 102
Suspicious files: 606
Text files: 171
Unknown types: 1

Dropped files

PID | Process | Filename | Type
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF136ce6.TMP
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF136ce6.TMP
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF136d05.TMP
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF136d05.TMP
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF136d15.TMP
  MD5:
  SHA256:
6692 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
  MD5:
  SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 56
TCP/UDP connections: 148
DNS requests: 145
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1556 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | DE | binary | 408 b | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | DE | binary | 471 b | whitelisted
7520 | msiexec.exe | GET | 200 | 23.53.42.243:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRIH1V64SBkA%2BzJQVQ6VFBAcvLB3wQUtqFUOQLDoD%2BOirz61PgcptE6Dv0CEQC78My1t7gx%2FSGuMneK5AyJ | DE | binary | 1.80 Kb | whitelisted
5652 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6ca9004c-2afd-40c0-a9b1-4fec460952e5?P1=1738128804&P2=404&P3=2&P4=Q4tHk0jW2iW3b5dU7JCPwTU5pj4%2bMhxvp50oCSdbLT5%2bkPvxQBIB1r1qB46sLPfODq9TK0wXiC8ZtGgwwpQTxg%3d%3d | US | | | whitelisted
5652 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6ca9004c-2afd-40c0-a9b1-4fec460952e5?P1=1738128804&P2=404&P3=2&P4=Q4tHk0jW2iW3b5dU7JCPwTU5pj4%2bMhxvp50oCSdbLT5%2bkPvxQBIB1r1qB46sLPfODq9TK0wXiC8ZtGgwwpQTxg%3d%3d | US | binary | 1.09 Kb | whitelisted
1556 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | DE | binary | 419 b | whitelisted
5472 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | DE | binary | 471 b | whitelisted
7520 | msiexec.exe | GET | 200 | 23.53.42.243:80 | http://cevcsca2021.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR2rKuShFxBxX%2BVZ%2F8jiOwbsyptXQQUrFfKCBbcP8UxHApN2%2Fvx3pknLTQCEBes6yyWIjs47AiYY1WQTow%3D | DE | binary | 2.28 Kb | unknown
5652 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6ca9004c-2afd-40c0-a9b1-4fec460952e5?P1=1738128804&P2=404&P3=2&P4=Q4tHk0jW2iW3b5dU7JCPwTU5pj4%2bMhxvp50oCSdbLT5%2bkPvxQBIB1r1qB46sLPfODq9TK0wXiC8ZtGgwwpQTxg%3d%3d | US | binary | 9.21 Kb | whitelisted
5652 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6ca9004c-2afd-40c0-a9b1-4fec460952e5?P1=1738128804&P2=404&P3=2&P4=Q4tHk0jW2iW3b5dU7JCPwTU5pj4%2bMhxvp50oCSdbLT5%2bkPvxQBIB1r1qB46sLPfODq9TK0wXiC8ZtGgwwpQTxg%3d%3d | US | binary | 18.3 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
 | | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1176 | svchost.exe | 40.126.32.140:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1076 | svchost.exe | 23.213.170.81:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6692 | msedge.exe | 239.255.255.250:1900 | | | | whitelisted
6912 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6912 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6912 | msedge.exe | 54.165.213.88:443 | www.ablebits.com | AMAZON-AES | US | whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 40.126.32.140
  • 40.126.32.74
  • 20.190.160.17
  • 40.126.32.68
  • 40.126.32.134
  • 40.126.32.76
  • 40.126.32.133
  • 40.126.32.72
whitelisted
go.microsoft.com
  • 23.213.170.81
  • 23.213.166.81
whitelisted
www.ablebits.com
  • 54.165.213.88
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 20.73.194.208
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
bzib.nelreports.net
  • 23.48.23.151
  • 23.48.23.152
whitelisted
cdn.ablebits.com
  • 18.172.112.121
  • 18.172.112.123
  • 18.172.112.87
  • 18.172.112.108
whitelisted

Threats

No threats detected
Process | Message
MSI8947.tmp | Ablebits add trusted certificate: OfficeDataApps
MSI8947.tmp | Ablebits add trusted certificate: Microsoft_W7
MSI8947.tmp | Ablebits trusted certificates have been added
MSIA5CC.tmp | @@@ AblebitsRegistrator RegisterOrUnregister start
MSIA5CC.tmp | @@@ AblebitsRegistrator starts
MSIA5CC.tmp | @@@ AblebitsRegistrator after get operation RegisterAblebitsLoaderPERMACHINE
MSIA5CC.tmp | @@@ Ablebits Registrator addinCommandName: UltimateSuite
MSIA5CC.tmp | @@@ AblebitsRegistrator args: UltimateSuite
MSIA5CC.tmp | @@@ AblebitsRegistrator after get addinProtInfo Ultimate Suite for Microsoft Excel
MSIA5CC.tmp | @@@ AblebitsRegistrator after get addinCommandName UltimateSuite