File name: Ogulniega.Minecraft_0.0.8_x64_en-US.msi

Full analysis: https://app.any.run/tasks/886bedfd-49ea-4324-af02-1558c1b50afe
Verdict: Malicious activity
Analysis date: February 22, 2026, 13:38:44
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
auto-reg
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Ogulniega Minecraft, Author: xMelonekMaX, Keywords: Installer, Comments: This installer database contains the logic and data required to install Ogulniega Minecraft., Template: x64;0, Revision Number: {2992A78E-8AD3-4A92-AD39-FD59F51FB842}, Create Time/Date: Fri Jan 23 12:26:48 2026, Last Saved Time/Date: Fri Jan 23 12:26:48 2026, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
MD5: 7A26AE0EA9C394DAF51F0DC9BB301127
SHA1: BF5D84C8C3A3C8AB43A343B078C4C73095B61DDF
SHA256: 7A8EB344ADAF1D1EB6834060D7ED5E4853F822A285D8B8E20D9CCB037C2A498D
SSDEEP: 98304:ME18fvLh/uIm4iMSXfAorrn5RrW/YO58Z+vR7IAhcrxE1FChlp6KOCrxEDpzyRDr:F0eIlHy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 3500)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4020)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 3304)
    • Starts process via Powershell

      • powershell.exe (PID: 3500)
    • The process bypasses the loading of PowerShell profile settings

      • msiexec.exe (PID: 9056)
    • Downloads file from URI via Powershell

      • powershell.exe (PID: 3500)
    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 9056)
    • Manipulates environment variables

      • powershell.exe (PID: 3500)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 3500)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 4024)
      • MicrosoftEdgeUpdate.exe (PID: 4020)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4020)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3212)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4964)
      • MicrosoftEdgeUpdate.exe (PID: 7560)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 416)
  • INFO

    • Checks supported languages

      • msiexec.exe (PID: 9056)
      • msiexec.exe (PID: 2392)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4024)
      • MicrosoftEdgeUpdate.exe (PID: 4020)
      • MicrosoftEdgeUpdate.exe (PID: 7560)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3212)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 416)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4964)
      • MicrosoftEdgeUpdate.exe (PID: 7856)
      • MicrosoftEdgeUpdate.exe (PID: 848)
      • MicrosoftEdgeUpdate.exe (PID: 1632)
      • MicrosoftEdgeUpdateCore.exe (PID: 4152)
      • MicrosoftEdgeUpdate.exe (PID: 4616)
    • Reads the computer name

      • msiexec.exe (PID: 9056)
      • msiexec.exe (PID: 2392)
      • MicrosoftEdgeUpdate.exe (PID: 4020)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3212)
      • MicrosoftEdgeUpdate.exe (PID: 7560)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4964)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 416)
      • MicrosoftEdgeUpdate.exe (PID: 7856)
      • MicrosoftEdgeUpdate.exe (PID: 1632)
      • MicrosoftEdgeUpdate.exe (PID: 848)
      • MicrosoftEdgeUpdate.exe (PID: 4616)
      • MicrosoftEdgeUpdateCore.exe (PID: 4152)
    • An automatically generated document

      • msiexec.exe (PID: 9152)
    • Drops script file

      • powershell.exe (PID: 3500)
    • Checks proxy server information

      • powershell.exe (PID: 3500)
      • MicrosoftEdgeUpdate.exe (PID: 7856)
      • MicrosoftEdgeUpdate.exe (PID: 848)
      • slui.exe (PID: 3404)
    • Disables trace logs

      • powershell.exe (PID: 3500)
    • Manages system restore points

      • SrTasks.exe (PID: 8652)
    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 4024)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 4024)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 4020)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4020)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7856)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4020)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4020)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 7856)
      • MicrosoftEdgeUpdate.exe (PID: 848)
    • Manual execution by a user

      • MicrosoftEdgeUpdateCore.exe (PID: 4152)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Ogulniega Minecraft
Author: xMelonekMaX
Keywords: Installer
Comments: This installer database contains the logic and data required to install Ogulniega Minecraft.
Template: x64;0
RevisionNumber: {2992A78E-8AD3-4A92-AD39-FD59F51FB842}
CreateDate: 2026:01:23 12:26:48
ModifyDate: 2026:01:23 12:26:48
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.14.1.8722)
Security: Read-only recommended
No data.
All screenshots are available in the full report
Total processes: 169
Monitored processes: 20
Malicious processes: 2
Suspicious processes: 2

Behavior graph

Processes shown in the graph (in order): msiexec.exe, msiexec.exe, msiexec.exe, slui.exe, vssvc.exe, srtasks.exe, conhost.exe, powershell.exe, conhost.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, microsoftedgeupdate.exe, microsoftedgeupdatecomregistershell64.exe, microsoftedgeupdatecomregistershell64.exe, microsoftedgeupdatecomregistershell64.exe, microsoftedgeupdate.exe, microsoftedgeupdate.exe, microsoftedgeupdate.exe, microsoftedgeupdatecore.exe, microsoftedgeupdate.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 416
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.221.3
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.221.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 848
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.221.3
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 1632
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{E75FF474-D9D1-4324-8180-55B24ADA6294}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.221.3
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 2392
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 58244DCB8895CB8DE40EE83A7FC92304 C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (Images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3212
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.221.3
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.221.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 3304
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3404
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 3500
CMD: powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4020
CMD: C:\Users\admin\AppData\Local\Temp\EUBA12.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EUBA12.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.221.3
Modules (Images):
c:\users\admin\appdata\local\temp\euba12.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 4024
CMD: "C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update Setup
Version: 1.3.221.3
Modules (Images):
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
Total events: 20 627
Read events: 18 691
Write events: 1 893
Delete events: 43

Modification events

(PID) Process: (9056) msiexec.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP; Operation: write; Name: SppCreate (Enter)
Value: 4800000000000000D69B44BA00A4DC01602300005C200000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (9056) msiexec.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore; Operation: write; Name: SrCreateRp (Enter)
Value: 48000000000000002479E0B900A4DC01602300005C200000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (9056) msiexec.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP; Operation: write; Name: SppGetSnapshots (Enter)
Value: 48000000000000002479E0B900A4DC01602300005C200000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (9056) msiexec.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP; Operation: write; Name: SppGetSnapshots (Leave)
Value: 4800000000000000CB743DBA00A4DC01602300005C200000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (9056) msiexec.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP; Operation: write; Name: SppEnumGroups (Enter)
Value: 4800000000000000CB743DBA00A4DC01602300005C200000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (9056) msiexec.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP; Operation: write; Name: SppEnumGroups (Leave)
Value: 4800000000000000BBD73FBA00A4DC01602300005C200000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (9056) msiexec.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP; Operation: write; Name: SppGatherWriterMetadata (Enter)
Value: 4800000000000000013861BA00A4DC01602300005C200000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3304) VSSVC.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer; Operation: write; Name: IDENTIFY (Enter)
Value: 4800000000000000B4AC76BA00A4DC01E80C0000E0230000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3304) VSSVC.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer; Operation: write; Name: IDENTIFY (Enter)
Value: 4800000000000000B4AC76BA00A4DC01E80C0000EC220000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3304) VSSVC.exe; Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer; Operation: write; Name: IDENTIFY (Enter)
Value: 4800000000000000B4AC76BA00A4DC01E80C00008C070000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 228

Dropped files

PID | Process | Filename | Type
9056 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | -
MD5:
SHA256:
9056 | msiexec.exe | C:\Windows\Installer\1f7623.msi | -
MD5:
SHA256:
9056 | msiexec.exe | C:\Windows\Installer\1f7625.msi | -
MD5:
SHA256:
9056 | msiexec.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ogulniega Minecraft\Ogulniega Minecraft.lnk~RF1f7a59.TMP | binary
MD5: 553FE2C80516A33C141D0D38945CFD7F
SHA256: 467BB1F464047220FD90A41F7BB28847F9DF256704AB742BA51648CEE4679CD1
9056 | msiexec.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ogulniega Minecraft\~gulniega Minecraft.tmp | binary
MD5: E2259A0E337DF49867D0E027BCD19279
SHA256: A708605C94F1535A650C401ACC8CC3DA80D07ED7215491465F2E7368C7D9C762
9056 | msiexec.exe | C:\Windows\Temp\~DF20D17F8932C90DBE.TMP | binary
MD5: BD52AEB0990B94DE674D4D4E72C6912B
SHA256: C59AF1180AD673C631445A9396E51EAE027C6F98138E636438293DECB327FBDF
9152 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI1CE.tmp | binary
MD5: CFBB8568BD3711A97E6124C56FCFA8D9
SHA256: 7F47D98AB25CFEA9B3A2E898C3376CC9BA1CD893B4948B0C27CAA530FD0E34CC
9056 | msiexec.exe | C:\Windows\Temp\~DF720F5FCC3BB2234E.TMP | binary
MD5: BF619EAC0CDF3F68D496EA9344137E8B
SHA256: 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
9056 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary
MD5: FD27BFE767093478EE4DD1284FFFBB5C
SHA256: C33491BB875BD63AA2594227CA5249A3C8A89513086D661BAF655B999F220684
9056 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{8dedc94e-336e-4b9b-a869-3978b99451bb}_OnDiskSnapshotProp | binary
MD5: FD27BFE767093478EE4DD1284FFFBB5C
SHA256: C33491BB875BD63AA2594227CA5249A3C8A89513086D661BAF655B999F220684
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 79
TCP/UDP connections: 63
DNS requests: 27
Threats: 9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
9160 | SIHClient.exe | GET | 304 | 74.178.76.128:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | whitelisted
- | - | POST | 200 | 20.190.160.14:443 | https://login.live.com/RST2.srf | unknown | binary | 11.1 Kb | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 20.190.159.0:443 | https://login.live.com/RST2.srf | unknown | binary | 10.3 Kb | whitelisted
- | - | POST | 200 | 20.190.159.0:443 | https://login.live.com/RST2.srf | unknown | binary | 10.3 Kb | whitelisted
356 | svchost.exe | POST | 200 | 40.126.32.134:443 | https://login.live.com/RST2.srf | unknown | - | 10.3 Kb | whitelisted
356 | svchost.exe | POST | 200 | 40.126.32.134:443 | https://login.live.com/RST2.srf | unknown | binary | 11.1 Kb | whitelisted
9160 | SIHClient.exe | GET | 200 | 135.233.95.135:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | unknown | - | - | whitelisted
356 | svchost.exe | POST | 200 | 40.126.32.134:443 | https://login.live.com/RST2.srf | unknown | - | 10.3 Kb | whitelisted
9160 | SIHClient.exe | GET | 200 | 74.178.76.128:443 | https://slscr.update.microsoft.com/sls/ping | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | Not routed | whitelisted
1352 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4468 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | Not routed | whitelisted
1352 | svchost.exe | 23.55.110.193:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
4468 | RUXIMICS.exe | 23.55.110.193:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 23.55.110.193:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
1352 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 20.73.194.208 | whitelisted
self.events.data.microsoft.com | 52.182.143.214, 51.116.246.105 | whitelisted
client.wns.windows.com | 172.211.123.248 | whitelisted
google.com | 142.250.187.238 | whitelisted
crl.microsoft.com | 23.55.110.193, 23.55.110.211, 2.16.164.114, 2.16.164.72, 2.16.164.104, 2.16.164.89, 2.16.164.74, 2.16.164.9, 2.16.164.66, 2.16.164.128, 2.16.164.81 | whitelisted
www.microsoft.com | 88.221.169.152, 23.52.181.212 | whitelisted
login.live.com | 40.126.32.134, 20.190.160.3, 40.126.32.72, 20.190.160.131, 20.190.160.20, 40.126.32.138, 20.190.160.65, 20.190.160.2, 20.190.159.4, 20.190.159.75, 20.190.159.68, 40.126.31.130, 20.190.159.130, 40.126.31.131, 40.126.31.2, 40.126.31.71 | whitelisted
slscr.update.microsoft.com | 74.178.76.128 | whitelisted
fe3cr.delivery.mp.microsoft.com | 135.233.95.135 | whitelisted
activation-v2.sls.microsoft.com | 48.192.1.65 | whitelisted

Threats

PID | Process | Class | Message
3500 | powershell.exe | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
- | - | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
- | - | Misc activity | ET INFO Request for EXE via Powershell
- | - | Misc activity | ET INFO Packed Executable Download
- | - | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
3500 | powershell.exe | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
3500 | powershell.exe | Misc activity | ET INFO Request for EXE via Powershell
3500 | powershell.exe | Misc activity | ET INFO Packed Executable Download
2252 | svchost.exe | Misc activity | ET INFO Packed Executable Download
No debug info