File name:

VeryFun.exe

Full analysis: https://app.any.run/tasks/88a4ae06-061a-48cd-826e-7668a0a27309
Verdict: Malicious activity
Analysis date: May 10, 2025, 13:32:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
autoit
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

EF7B3C31BC127E64627EDD8B89B2AE54

SHA1:

310D606EC2F130013CC9D2F38A9CC13A2A34794A

SHA256:

8B04FDA4BEE1806587657DA6C6147D3E949AA7D11BE1EEFB8CD6EF0DBA76D387

SSDEEP:

49152:wshda+bFz6dmTTfO0JBhybeUXzELz/RkxI6Zxkxur4E5IReTD5GKHmDVJPY8t:Js/4ibecELz/RkO6LF4hRq5GKHmBBYC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • cmd.exe (PID: 7532)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • VeryFun.exe (PID: 7472)
    • Checks for the .NET to be installed

      • cmd.exe (PID: 7532)
    • The process checks if it is being run in the virtual environment

      • cmd.exe (PID: 7532)
    • Changes the title of the Internet Explorer window

      • cmd.exe (PID: 7532)
    • Reads the history of recent RDP connections

      • cmd.exe (PID: 7532)
    • Changes the Home page of Internet Explorer

      • cmd.exe (PID: 7532)
    • There is functionality for taking screenshot (YARA)

      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7532)
    • Application launched itself

      • setup.exe (PID: 7820)
      • ie4uinit.exe (PID: 5720)
      • setup.exe (PID: 5324)
      • setup.exe (PID: 7968)
    • Uses RUNDLL32.EXE to load library

      • ie4uinit.exe (PID: 5668)
  • INFO

    • The sample compiled with english language support

      • VeryFun.exe (PID: 7472)
    • Reads mouse settings

      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7532)
      • cmd.exe (PID: 8044)
      • cmd.exe (PID: 8112)
    • Checks supported languages

      • VeryFun.exe (PID: 7472)
    • Reads the computer name

      • VeryFun.exe (PID: 7472)
    • The process uses AutoIt

      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7532)
    • UPX packer has been detected

      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7532)
    • Manual execution by a user

      • ie4uinit.exe (PID: 5720)
      • unregmp2.exe (PID: 7496)
      • chrmstp.exe (PID: 7740)
      • setup.exe (PID: 7968)
      • WerFault.exe (PID: 2020)
      • WerFault.exe (PID: 5364)
    • Application launched itself

      • chrmstp.exe (PID: 7740)
      • chrmstp.exe (PID: 864)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (28.6)
.exe | UPX compressed Win32 Executable (28)
.exe | Win32 EXE Yoda's Crypter (27.5)
.dll | Win32 Dynamic Link Library (generic) (6.8)
.exe | Win32 Executable (generic) (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:09:22 22:25:28+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 356352
InitializedDataSize: 2826240
UninitializedDataSize: 3354624
EntryPoint: 0x389de0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Unicode
No data.
All screenshots are available in the full report
Total processes
157
Monitored processes
28
Malicious processes
3
Suspicious processes
0

Behavior graph

Processes shown in the graph, in the order listed ("no specs" is the graph's own marker for nodes without specific indicators):

  • veryfun.exe (start)
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • sppextcomobj.exe (no specs)
  • slui.exe
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • werfault.exe (no specs)
  • ie4uinit.exe (no specs)
  • cmd.exe (no specs)
  • ie4uinit.exe (no specs)
  • unregmp2.exe (no specs)
  • chrmstp.exe (no specs)
  • chrmstp.exe (no specs)
  • chrmstp.exe (no specs)
  • chrmstp.exe (no specs)
  • setup.exe (no specs)
  • setup.exe (no specs)
  • setup.exe (no specs)
  • setup.exe (no specs)
  • setup.exe (no specs)
  • setup.exe (no specs)
  • cmd.exe (no specs)
  • rundll32.exe (no specs)
  • slui.exe (no specs)
  • werfault.exe (no specs)
  • veryfun.exe (no specs)

Process information

Fields per process: PID, CMD (command line), Path (image path), Indicators, Parent process.

PID:
864
CMD:
"C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=2 --install-level=0
Path:
C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe
Parent process:
chrmstp.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome Installer
Exit code:
73
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\122.0.6261.70\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
2020
CMD:
C:\WINDOWS\system32\WerFault.exe -u -p 1056 -s 3656
Path:
C:\Windows\System32\WerFault.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
2147942431
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
PID:
3300
CMD:
"C:\WINDOWS\system32\cmd.exe"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
VeryFun.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
4336
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
5324
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\Installer\setup.exe" --msedge --channel=stable --launch-msedge-after-unlock --verbose-logging --system-level
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\Installer\setup.exe
Parent process:
setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\installer\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
5364
CMD:
C:\WINDOWS\system32\WerFault.exe -u -p 5492 -s 8760
Path:
C:\Windows\System32\WerFault.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
2147942431
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\oleaut32.dll
PID:
5668
CMD:
C:\Windows\System32\ie4uinit.exe -ClearIconCache
Path:
C:\Windows\System32\ie4uinit.exe
Parent process:
ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
IE Per-User Initialization Utility
Exit code:
0
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ie4uinit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
5720
CMD:
"C:\Windows\System32\ie4uinit.exe" -UserConfig
Path:
C:\Windows\System32\ie4uinit.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
IE Per-User Initialization Utility
Exit code:
0
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ie4uinit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
6708
CMD:
C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
Path:
C:\Windows\System32\rundll32.exe
Parent process:
ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
6740
CMD:
"C:\WINDOWS\system32\cmd.exe"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
VeryFun.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
191 424
Read events
163 587
Write events
27 805
Delete events
32

Modification events

Process:
(7472) VeryFun.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management
Operation:
write
Name:
LargePageMinimum
Value:
1
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Emit.ILGeneration, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
îž/-;‹LqéK*¦ˆÎ%ª‡t£@Æew
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Emit.Lightweight, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
&atzòÕ‘we'‹„#æì¨ãk[þftÆv
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Extensions, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ë–S;ÿrRÅïèTp „øáó9˜·óDA²7‚
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Primitives, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
»9%¢ù×
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Resources.Reader, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
©T.îJMýߦ®ù¨egiÿía~ñÑà
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Resources.ResourceManager, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ꆨ¨øÇ€Øy"¬n?ü‚‘Ü("¡ñت
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Resources.Writer, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ìĺGö5ÖÕ@PçOÚ;‰z Ö½
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Runtime, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
Q8­¶çqŒ<iGŠ€1à_.è`TÊe¤à¤
Process:
(7532) cmd.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Runtime.Caching, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation:
write
Name:
{71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ùi¿´sÖϐ?-=C©¶ª¡é¼-zfþ3@Œ
Executable files
5
Suspicious files
3
Text files
4
Unknown types
0

Dropped files

PID | Process | Filename | Type
5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DD8.tmp | text
MD5:0D6E3B5966C8910612CBB86683829EFD
SHA256:6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF
5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DD7.tmp | text
MD5:0D6E3B5966C8910612CBB86683829EFD
SHA256:6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF
5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DC6.tmp | text
MD5:0D6E3B5966C8910612CBB86683829EFD
SHA256:6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF
7768 | setup.exe | C:\Windows\Temp\MsEdgeCrashpad\throttle_store.dat | text
MD5:9E4E94633B73F4A7680240A0FFD6CD2C
SHA256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
7496 | unregmp2.exe | C:\Users\admin\AppData\Local\Temp\wmsetup.log | text
MD5:6D40620BBB52BDD7FA9D8A087D9A5090
SHA256:0C86E307BA82BA5C2912D30973405182B93602A41A94C25AA0647D97BFF3D280
7740 | chrmstp.exe | C:\Windows\Temp\Crashpad\settings.dat | binary
MD5:E18C6C24C1D9C633C63266BC4D3516E2
SHA256:AF04745E902A883FC5D1EA3C2BFE1AC9976BF2C151B93F9DBE224D906CF8E4C6
5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DE8.tmp | text
MD5:0D6E3B5966C8910612CBB86683829EFD
SHA256:6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF
7820 | setup.exe | C:\Users\admin\AppData\Local\Temp\msedge_installer.log | text
MD5:4C4D62E3084FE71137D92508E2982720
SHA256:C9D9134BD645DE80FB17E04B5932A9FC0480EFA3FA4435AD7A1F891C7B2F9BBD
7472 | VeryFun.exe | C:\Windows\system.ini | binary
MD5:D0FC2CE93295D330D919057753B6907F
SHA256:7B99CE362B7AEDB34DA70270104F05A80DA41E81148239EBF416E696ED208A52
5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1E18.tmp | text
MD5:87BA1D52A05A8D4343356EB0C6279DE2
SHA256:564A351DB0AB9249751ECF3F5D03049A43BEB0F8F3B95A5B8AAE9A9F7D0C17FB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
21
DNS requests
16
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
- | - | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
- | - | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
1272 | SIHClient.exe | GET | 200 | 2.16.164.89:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | whitelisted
1272 | SIHClient.exe | GET | 200 | 2.16.164.89:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | whitelisted
1272 | SIHClient.exe | GET | 200 | 2.16.164.89:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1272 | SIHClient.exe | 20.109.210.53:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.89
  • 2.16.164.33
  • 2.16.164.25
  • 2.16.164.11
  • 2.16.164.17
  • 2.16.164.34
  • 2.16.164.18
  • 2.16.164.26
  • 2.16.164.74
  • 2.16.164.32
  • 2.16.164.59
  • 2.16.164.72
  • 2.16.164.81
  • 2.16.164.27
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.174
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.73
  • 20.190.159.64
  • 20.190.159.130
  • 40.126.31.3
  • 20.190.159.131
  • 20.190.159.129
  • 20.190.159.128
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info