File name:

folder-lock-10-0-5.exe

Full analysis: https://app.any.run/tasks/25b51b70-94ea-41b1-bf36-f702c8529eba
Verdict: Malicious activity
Analysis date: October 31, 2024, 17:06:56
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
themida
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 13 sections
MD5:

96F0693623D50A1FE5F7AF82C90E8207

SHA1:

778343F3C7504735198F0BA7DEC5D3E829CA0C2E

SHA256:

80D6D25422662584F619034197A15B783FABF2280F8106696E5A34B3D3657CB6

SSDEEP:

98304:GKjkS0nK3YIlOZkGFOma4+afl8l/A0um7hl+OvyY1Wck1uR/7FNsKYkBN9wx874U:UdEKcySGWn81OVfB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads the BIOS version

      • folder-lock-10-0-5.exe (PID: 2648)

    • Executable content was dropped or overwritten

      • folder-lock-10-0-5.exe (PID: 2648)
      • rundll32.exe (PID: 6552)
      • drvinst.exe (PID: 1236)

    • Starts CMD.EXE for commands execution

      • folder-lock-10-0-5.exe (PID: 2648)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 2928)
      • cmd.exe (PID: 2724)

    • Hides command output

      • cmd.exe (PID: 2928)
      • cmd.exe (PID: 2724)

    • Drops a system driver (possible attempt to evade defenses)

      • folder-lock-10-0-5.exe (PID: 2648)
      • rundll32.exe (PID: 6552)
      • drvinst.exe (PID: 1236)

    • Executes as Windows Service

      • WinFL10S.exe (PID: 2000)

    • Uses RUNDLL32.EXE to load library

      • folder-lock-10-0-5.exe (PID: 2648)

    • Executes application which crashes

      • folder-lock-10-0-5.exe (PID: 2648)

  • INFO

    • Process checks whether UAC notifications are on

      • folder-lock-10-0-5.exe (PID: 2648)

    • Checks supported languages

      • folder-lock-10-0-5.exe (PID: 2648)

    • Sends debugging messages

      • folder-lock-10-0-5.exe (PID: 2648)

    • Reads the software policy settings

      • folder-lock-10-0-5.exe (PID: 2648)

    • Create files in a temporary directory

      • folder-lock-10-0-5.exe (PID: 2648)

    • Reads the computer name

      • folder-lock-10-0-5.exe (PID: 2648)

    • Themida protector has been detected

      • folder-lock-10-0-5.exe (PID: 2648)

    • Application launched itself

      • msedge.exe (PID: 3832)
      • msedge.exe (PID: 7016)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7860)

    • Manual execution by a user

      • msedge.exe (PID: 7016)
      • WINWORD.EXE (PID: 6696)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:10:24 05:33:13+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 7492096
InitializedDataSize: 5685248
UninitializedDataSize: -
EntryPoint: 0x138e058
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 10.0.5.0
ProductVersionNumber: 10.0.5.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: NewSoftwares LLC
FileDescription: Folder Lock 10 Setup
FileVersion: 10.0.5
InternalName: Folder Lock
LegalCopyright: 2002-2024 © NewSoftwares LLC
LegalTrademarks: Folder Lock ® is a registered trademark
OriginalFileName: FolderLock10.exe
ProductName: Folder Lock
ProductVersion: 10.0.5
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
227
Monitored processes
81
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start THREAT folder-lock-10-0-5.exe cmd.exe no specs conhost.exe no specs sc.exe no specs cmd.exe no specs conhost.exe no specs sc.exe no specs cmd.exe no specs conhost.exe no specs dokanctl.exe no specs winfl10s.exe no specs conhost.exe no specs winfl10s.exe no specs winfl10m.exe no specs conhost.exe no specs winfl10m.exe no specs conhost.exe no specs winfl10m.exe no specs conhost.exe no specs rundll32.exe drvinst.exe runonce.exe no specs grpconv.exe no specs folder lock 10.exe msedge.exe no specs msedge.exe no specs werfault.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winword.exe ai.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs folder-lock-10-0-5.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
824\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeWinFL10M.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1236DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{13076324-4536-5449-aa08-49046f28ddf5}\WinFL10L.inf" "9" "4814e12b7" "00000000000001D4" "WinSta0\Default" "00000000000001E4" "208" "C:\WINDOWS\system32\drivers"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
3758096943
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
2000C:\WINDOWS\SysWOW64\WinFL10S.exeC:\Windows\SysWOW64\WinFL10S.exeservices.exe
User:
SYSTEM
Company:
NewSoftwares LLC
Integrity Level:
SYSTEM
Description:
Service Application
Version:
10.0.0.0
Modules
Images
c:\windows\syswow64\winfl10s.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
2312"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2012 --field-trial-handle=2016,i,6365892924198004321,166745258046923556,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2364"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "0055CF33-DD8A-46EF-BC64-D5C2D87A7B70" "4E1DD661-D95A-4502-8889-34B8CD509EFF" "6696"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exeWINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.
Exit code:
0
Version:
0.12.2.0
Modules
Images
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\ai.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2648"C:\Users\admin\AppData\Local\Temp\folder-lock-10-0-5.exe" C:\Users\admin\AppData\Local\Temp\folder-lock-10-0-5.exe
explorer.exe
User:
admin
Company:
NewSoftwares LLC
Integrity Level:
HIGH
Description:
Folder Lock 10 Setup
Exit code:
3221226505
Version:
10.0.5
Modules
Images
c:\users\admin\appdata\local\temp\folder-lock-10-0-5.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2724C:\WINDOWS\system32\cmd.exe /c sc delete dokan2 > nul 2>&1C:\Windows\System32\cmd.exefolder-lock-10-0-5.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
2928C:\WINDOWS\system32\cmd.exe /c sc stop dokan2 > nul 2>&1C:\Windows\System32\cmd.exefolder-lock-10-0-5.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
3524"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4356 --field-trial-handle=2396,i,17694004355044336795,8905611119501978845,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3580\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
19 385
Read events
18 989
Write events
344
Delete events
52

Modification events

(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en-us
Value:
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en
Value:
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:_Global_
Value:
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\NewSoftware's\Folder Lock 10
Operation:writeName:SetupPath
Value:
C:\Users\admin\AppData\Local\Temp\folder-lock-10-0-5.exe
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Hardware_ID
Operation:writeName:UniqueDeviceID
Value:
10622206300615502071
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Hardware_ID
Operation:writeName:Device Name
Value:
DESKTOP-JGLLJLD
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Folder Lock 10
Operation:writeName:NoModify
Value:
1
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Folder Lock 10
Operation:writeName:NoRepair
Value:
1
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Folder Lock 10
Operation:writeName:UninstallString
Value:
"C:\ProgramData\winfl_sys\Uninstall.exe" -u
(PID) Process:(2648) folder-lock-10-0-5.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Folder Lock 10
Operation:writeName:displayIcon
Value:
C:\Program Files\NewSoftware's\Folder Lock 10\FolderLock10.ico
Executable files
35
Suspicious files
423
Text files
105
Unknown types
2

Dropped files

PID
Process
Filename
Type
2648folder-lock-10-0-5.exeC:\Users\admin\AppData\Local\Temp\WinFL10S.jsonbinary
MD5:DFBBEDB6F4EA71B7139BC1276CC7D7EC
SHA256:5447B1D7F4EE5DD64C06C12FB4A0D259347629C1BABF6ACD5C895A3FB824673B
2648folder-lock-10-0-5.exeC:\Users\admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dictext
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
2648folder-lock-10-0-5.exeC:\Program Files\NewSoftware's\Folder Lock 10 Temp\WinFL10D.exeexecutable
MD5:40D66E94E5700CE0C53730027BA5F931
SHA256:84825F442DAEC4D582206F19071586132F43DA16125B5BC7A3D8E3A9C4EC6503
2648folder-lock-10-0-5.exeC:\Users\admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acltext
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
2648folder-lock-10-0-5.exeC:\Program Files\NewSoftware's\Folder Lock 10 Temp\WinFL10S.jsonbinary
MD5:DFBBEDB6F4EA71B7139BC1276CC7D7EC
SHA256:5447B1D7F4EE5DD64C06C12FB4A0D259347629C1BABF6ACD5C895A3FB824673B
2648folder-lock-10-0-5.exeC:\Program Files\NewSoftware's\Folder Lock 10 Temp\flk.icoimage
MD5:BDCA45D50B08BB871C0AC7A9D569DEE8
SHA256:174F1D86771FD2EF4AB412638025563B8136EDBB0561D16EBBA830D142AC421B
2648folder-lock-10-0-5.exeC:\Program Files\NewSoftware's\Folder Lock 10 Temp\User Guide.chmbinary
MD5:055C640C333B9407F100EAAA4861F32E
SHA256:70558C70CE364FE28AD494E86DAE509E61E0506FA7DE02A9D8EB3E3F7D57F806
2648folder-lock-10-0-5.exeC:\Program Files\NewSoftware's\Folder Lock 10 Temp\FolderLock10.icoimage
MD5:2A026DE372DDE158464D3D0F936AC1BE
SHA256:AB48245146C122A8C5BA318DDEEFD4CC6F34B72E128C926020A2019114338E02
2648folder-lock-10-0-5.exeC:\Program Files\NewSoftware's\Folder Lock 10 Temp\dokan2.sysexecutable
MD5:BD004DE96EA1B5D9C50FC5E2ABCC5CC8
SHA256:FB35461A746155BEE26F83291686DACCC7C2383922817DBA76F2BFC1BBB8550A
2648folder-lock-10-0-5.exeC:\Program Files\NewSoftware's\Folder Lock 10 Temp\WinFL10T.exeexecutable
MD5:A1DD062F794EB12D48C5C717196B41C8
SHA256:5E2FDAE8161EF4DAD4AEA5CFC92E9D029AE25F705A769E59B23D9D252142AA76
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
47
TCP/UDP connections
147
DNS requests
142
Threats
16

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3788
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4812
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
2312
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2312
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6696
WINWORD.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
6696
WINWORD.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
7528
svchost.exe
HEAD
200
23.48.23.167:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/8699fac5-cf38-4f97-a2f8-fb1e47f5e54e?P1=1730975581&P2=404&P3=2&P4=f3yhTGg9rew1gMazBb1w8v3hv3u2TE7Go0%2b%2fpi9FOwUBWeBNSf%2bBKED1bf9qaduqXdSfu%2fjj13K4tEbGS5bZ9A%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
92.123.104.46:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1252
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.52.120.96:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
  • 92.123.104.46
  • 92.123.104.53
  • 92.123.104.58
  • 92.123.104.40
  • 92.123.104.66
  • 92.123.104.59
  • 92.123.104.64
  • 92.123.104.49
  • 92.123.104.44
  • 2.23.209.133
  • 2.23.209.185
  • 2.23.209.179
  • 2.23.209.130
  • 2.23.209.177
  • 2.23.209.182
  • 2.23.209.135
  • 2.23.209.189
  • 2.23.209.140
  • 92.123.104.7
  • 92.123.104.61
  • 92.123.104.47
  • 92.123.104.4
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
  • 23.48.23.166
  • 23.48.23.147
  • 23.48.23.176
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 23.52.120.96
  • 23.32.185.131
whitelisted
google.com
  • 142.250.186.174
whitelisted
www.newsoftwares.net
  • 69.16.221.160
malicious
login.live.com
  • 20.190.159.75
  • 40.126.31.67
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.4
  • 20.190.159.23
  • 40.126.31.69
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
th.bing.com
  • 92.123.104.32
  • 92.123.104.18
  • 92.123.104.29
  • 92.123.104.30
  • 92.123.104.33
  • 92.123.104.24
  • 92.123.104.21
  • 92.123.104.31
  • 92.123.104.26
whitelisted
go.microsoft.com
  • 23.52.121.103
whitelisted

Threats

PID
Process
Class
Message
4076
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4076
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4076
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
4076
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
4076
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
4076
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
4076
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4076
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
4076
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4076
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
Process
Message
folder-lock-10-0-5.exe
<ul> element is not allowed at ((969))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1420))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1495))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1431))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1333))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1446))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1467))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1516))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1535))
folder-lock-10-0-5.exe
<ul> element is not allowed at ((1560))
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
folder-lock-10-0-5.exe