URL:

https://vip.123pan.cn/1843295569/15451644

Full analysis: https://app.any.run/tasks/a6c0ffa0-5c4c-408f-91a2-b06544509cad
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: January 19, 2025, 23:27:45
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
stealer
icmp
Indicators:
MD5:

978D746F453BCB83C60FDB8278CF5D03

SHA1:

D5AD043EF8CB8C60F9D4367A2AE6B27CBF89A63A

SHA256:

874B14A2E36229535771134CDC1439BC28DF5922A023D3FC8B8C554D378DF1EC

SSDEEP:

3:N8aLLoG+X63:2A/l

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Unusual execution from MS Office

      • WINWORD.EXE (PID: 3988)

    • Changes firewall settings

      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 7424)

    • Creates or modifies Windows services

      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 7424)

    • Disables Windows Defender

      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 7424)

    • Actions looks like stealing of personal data

      • svchost.exe (PID: 2728)
      • svchost.exe (PID: 7636)

  • SUSPICIOUS

    • Application launched itself

      • document.exe (PID: 7328)
      • svchost.exe (PID: 7636)
      • svchost.exe (PID: 2076)
      • svchost.exe (PID: 2728)

    • Reads security settings of Internet Explorer

      • document.exe (PID: 7328)

    • Executable content was dropped or overwritten

      • document.exe (PID: 6728)

    • The process creates files with name similar to system file names

      • document.exe (PID: 6728)

    • Executes as Windows Service

      • cmd.exe (PID: 6076)
      • cmd.exe (PID: 3260)

    • The process executes via Task Scheduler

      • cmd.exe (PID: 4724)
      • cmd.exe (PID: 2484)

    • Creates or modifies Windows services

      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 7424)

    • The process verifies whether the antivirus software is installed

      • svchost.exe (PID: 2728)
      • svchost.exe (PID: 7636)

    • Uses REG/REGEDIT.EXE to modify registry

      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 7424)

    • There is functionality for taking screenshot (YARA)

      • svchost.exe (PID: 2728)
      • svchost.exe (PID: 7636)
      • svchost.exe (PID: 2160)

    • Connects to unusual port

      • svchost.exe (PID: 2160)
      • svchost.exe (PID: 7636)
      • svchost.exe (PID: 2728)

    • There is functionality for sending ICMP (YARA)

      • svchost.exe (PID: 2728)
      • svchost.exe (PID: 7636)
      • svchost.exe (PID: 2160)

  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 7912)
      • identity_helper.exe (PID: 7860)

    • Application launched itself

      • msedge.exe (PID: 6756)
      • msedge.exe (PID: 7288)

    • Checks supported languages

      • identity_helper.exe (PID: 7912)
      • identity_helper.exe (PID: 7860)
      • document.exe (PID: 7328)
      • svchost.exe (PID: 5208)
      • document.exe (PID: 6728)
      • svchost.exe (PID: 2728)
      • svchost.exe (PID: 7636)
      • svchost.exe (PID: 2076)
      • svchost.exe (PID: 2160)
      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 7424)

    • Reads the computer name

      • identity_helper.exe (PID: 7912)
      • identity_helper.exe (PID: 7860)
      • document.exe (PID: 7328)
      • document.exe (PID: 6728)
      • svchost.exe (PID: 5208)
      • svchost.exe (PID: 2728)
      • svchost.exe (PID: 7636)
      • svchost.exe (PID: 2076)
      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 7424)
      • svchost.exe (PID: 2160)

    • The process uses the downloaded file

      • msedge.exe (PID: 1596)
      • msedge.exe (PID: 6756)
      • WINWORD.EXE (PID: 3988)
      • WinRAR.exe (PID: 7940)
      • document.exe (PID: 7328)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6756)

    • Drops encrypted VBS script (Microsoft Script Encoder)

      • WINWORD.EXE (PID: 3988)

    • Sends debugging messages

      • WINWORD.EXE (PID: 3988)

    • Reads security settings of Internet Explorer

      • splwow64.exe (PID: 7516)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7940)
      • msedge.exe (PID: 5340)

    • Manual execution by a user

      • document.exe (PID: 7328)

    • Process checks computer location settings

      • document.exe (PID: 7328)

    • The sample compiled with english language support

      • document.exe (PID: 6728)
      • msedge.exe (PID: 5340)

    • The sample compiled with chinese language support

      • document.exe (PID: 6728)

    • Creates files in the program directory

      • document.exe (PID: 6728)
      • svchost.exe (PID: 7700)
      • svchost.exe (PID: 2160)
      • svchost.exe (PID: 7424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
221
Monitored processes
86
Malicious processes
10
Suspicious processes
1

Behavior graph

Click at the process to see the details
start iexplore.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winword.exe msedge.exe msedge.exe no specs ai.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs splwow64.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs document.exe no specs document.exe cmd.exe no specs svchost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs svchost.exe svchost.exe svchost.exe no specs svchost.exe svchost.exe no specs svchost.exe no specs regedit.exe no specs regedit.exe no specs msedge.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
628"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4956 --field-trial-handle=2648,i,9864119663486282264,5225745572820314999,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1076"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4868 --field-trial-handle=2648,i,9864119663486282264,5225745572820314999,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1892,i,4350103540712107722,3818948716136917283,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1480"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5804 --field-trial-handle=2648,i,9864119663486282264,5225745572820314999,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1596"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5188 --field-trial-handle=1892,i,4350103540712107722,3818948716136917283,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1752"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2644 --field-trial-handle=2648,i,9864119663486282264,5225745572820314999,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1916"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5004 --field-trial-handle=2648,i,9864119663486282264,5225745572820314999,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2076C:\ProgramData\Windows\svchost.exe C:\ProgramData\Windows\svchost.db channel-8df91be7c24cC:\ProgramData\Windows\svchost.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\programdata\windows\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
2160C:\ProgramData\Windows\svchost.exe C:\ProgramData\Windows\svchost.db channel-8df91be7c24fC:\ProgramData\Windows\svchost.exe
svchost.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\programdata\windows\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
2200"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5536 --field-trial-handle=2648,i,9864119663486282264,5225745572820314999,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
30 293
Read events
29 640
Write events
533
Delete events
120

Modification events

(PID) Process:(6568) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6568) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6568) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6568) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(6568) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(6568) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation:writeName:DisableFirstRunCustomize
Value:
1
(PID) Process:(6756) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(6756) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(6756) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(6756) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
Executable files
64
Suspicious files
689
Text files
144
Unknown types
0

Dropped files

PID
Process
Filename
Type
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1370af.TMP
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1370af.TMP
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1370be.TMP
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1370be.TMP
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1370ce.TMP
MD5:
SHA256:
6756msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
57
TCP/UDP connections
182
DNS requests
86
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7180
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7180
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3988
WINWORD.EXE
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
3988
WINWORD.EXE
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
3988
WINWORD.EXE
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
unknown
whitelisted
3988
WINWORD.EXE
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.16.204.141:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
20.190.159.68:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2.23.242.9:443
go.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.174
whitelisted
www.bing.com
  • 2.16.204.141
  • 2.16.204.161
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
  • 2.16.164.72
  • 2.16.164.9
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
www.microsoft.com
  • 2.23.181.156
  • 2.23.246.101
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.0
  • 40.126.31.71
  • 20.190.159.71
  • 20.190.159.64
  • 20.190.159.2
  • 40.126.31.67
  • 40.126.31.73
whitelisted
go.microsoft.com
  • 2.23.242.9
whitelisted
vip.123pan.cn
  • 59.47.225.124
  • 59.47.225.50
  • 59.47.237.142
  • 59.47.225.53
  • 59.47.237.131
  • 59.47.225.49
  • 59.47.237.138
  • 59.47.225.48
  • 59.47.225.54
  • 59.47.225.41
  • 59.47.237.141
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

No threats detected
Process
Message
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://vip.123pan.cn/1843295569/15451644