File name:

VeryFun.exe

Full analysis: https://app.any.run/tasks/88a4ae06-061a-48cd-826e-7668a0a27309
Verdict: Malicious activity
Analysis date: May 10, 2025, 13:32:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
autoit
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

EF7B3C31BC127E64627EDD8B89B2AE54

SHA1:

310D606EC2F130013CC9D2F38A9CC13A2A34794A

SHA256:

8B04FDA4BEE1806587657DA6C6147D3E949AA7D11BE1EEFB8CD6EF0DBA76D387

SSDEEP:

49152:wshda+bFz6dmTTfO0JBhybeUXzELz/RkxI6Zxkxur4E5IReTD5GKHmDVJPY8t:Js/4ibecELz/RkO6LF4hRq5GKHmBBYC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is, for the user's own assessment. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • cmd.exe (PID: 7532)
  • SUSPICIOUS

    • The process checks if it is being run in the virtual environment

      • cmd.exe (PID: 7532)
    • Checks whether .NET is installed

      • cmd.exe (PID: 7532)
    • Changes the title of the Internet Explorer window

      • cmd.exe (PID: 7532)
    • Starts CMD.EXE for command execution

      • VeryFun.exe (PID: 7472)
    • Reads the history of recent RDP connections

      • cmd.exe (PID: 7532)
    • Changes the Home page of Internet Explorer

      • cmd.exe (PID: 7532)
    • There is functionality for taking screenshot (YARA)

      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7532)
    • Application launched itself

      • ie4uinit.exe (PID: 5720)
      • setup.exe (PID: 7820)
      • setup.exe (PID: 7968)
      • setup.exe (PID: 5324)
    • Uses RUNDLL32.EXE to load library

      • ie4uinit.exe (PID: 5668)
  • INFO

    • Reads mouse settings

      • cmd.exe (PID: 8044)
      • cmd.exe (PID: 7508)
      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7532)
      • cmd.exe (PID: 8112)
    • Reads the computer name

      • VeryFun.exe (PID: 7472)
    • Checks supported languages

      • VeryFun.exe (PID: 7472)
    • The sample is compiled with English language support

      • VeryFun.exe (PID: 7472)
    • UPX packer has been detected

      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7532)
    • The process uses AutoIt

      • VeryFun.exe (PID: 7472)
      • cmd.exe (PID: 7532)
      • cmd.exe (PID: 7508)
    • Application launched itself

      • chrmstp.exe (PID: 864)
      • chrmstp.exe (PID: 7740)
    • Manual execution by a user

      • ie4uinit.exe (PID: 5720)
      • unregmp2.exe (PID: 7496)
      • chrmstp.exe (PID: 7740)
      • setup.exe (PID: 7968)
      • WerFault.exe (PID: 5364)
      • WerFault.exe (PID: 2020)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (28.6)
.exe | UPX compressed Win32 Executable (28)
.exe | Win32 EXE Yoda's Crypter (27.5)
.dll | Win32 Dynamic Link Library (generic) (6.8)
.exe | Win32 Executable (generic) (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:09:22 22:25:28+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 356352
InitializedDataSize: 2826240
UninitializedDataSize: 3354624
EntryPoint: 0x389de0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Unicode
No data.
All screenshots are available in the full report
Total processes
157
Monitored processes
28
Malicious processes
3
Suspicious processes
0

Behavior graph

Process nodes in the graph, in order (28 monitored processes; "no specs" marks nodes with no signature details):

start → veryfun.exe, cmd.exe (no specs), cmd.exe (no specs), sppextcomobj.exe (no specs), slui.exe, cmd.exe (no specs), cmd.exe (no specs), cmd.exe (no specs), werfault.exe (no specs), ie4uinit.exe (no specs), cmd.exe (no specs), ie4uinit.exe (no specs), unregmp2.exe (no specs), chrmstp.exe (no specs), chrmstp.exe (no specs), chrmstp.exe (no specs), chrmstp.exe (no specs), setup.exe (no specs), setup.exe (no specs), setup.exe (no specs), setup.exe (no specs), setup.exe (no specs), setup.exe (no specs), cmd.exe (no specs), rundll32.exe (no specs), slui.exe (no specs), werfault.exe (no specs), veryfun.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
864
CMD:
"C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=2 --install-level=0
Path:
C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe
Parent process:
chrmstp.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome Installer
Exit code:
73
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\122.0.6261.70\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
2020
CMD:
C:\WINDOWS\system32\WerFault.exe -u -p 1056 -s 3656
Path:
C:\Windows\System32\WerFault.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
2147942431
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
PID:
3300
CMD:
"C:\WINDOWS\system32\cmd.exe"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
VeryFun.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
4336
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
5324
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\Installer\setup.exe" --msedge --channel=stable --launch-msedge-after-unlock --verbose-logging --system-level
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\Installer\setup.exe
Parent process:
setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\installer\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
5364
CMD:
C:\WINDOWS\system32\WerFault.exe -u -p 5492 -s 8760
Path:
C:\Windows\System32\WerFault.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
2147942431
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\oleaut32.dll
PID:
5668
CMD:
C:\Windows\System32\ie4uinit.exe -ClearIconCache
Path:
C:\Windows\System32\ie4uinit.exe
Parent process:
ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
IE Per-User Initialization Utility
Exit code:
0
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ie4uinit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
5720
CMD:
"C:\Windows\System32\ie4uinit.exe" -UserConfig
Path:
C:\Windows\System32\ie4uinit.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
IE Per-User Initialization Utility
Exit code:
0
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ie4uinit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
6708
CMD:
C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
Path:
C:\Windows\System32\rundll32.exe
Parent process:
ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
6740
CMD:
"C:\WINDOWS\system32\cmd.exe"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
VeryFun.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
191 424
Read events
163 587
Write events
27 805
Delete events
32

Modification events

Process: (7472) VeryFun.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management
Operation: write
Name: LargePageMinimum
Value:
1
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Emit.ILGeneration, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
îž/-;‹LqéK*¦ˆÎ%ª‡t£@Æew
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Emit.Lightweight, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
&atzòÕ‘we'‹„#æì¨ãk[þftÆv
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Extensions, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ë–S;ÿrRÅïèTp „øáó9˜·óDA²7‚
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Reflection.Primitives, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
»9%¢ù×
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Resources.Reader, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
©T.îJMýߦ®ù¨egiÿía~ñÑà
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Resources.ResourceManager, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ꆨ¨øÇ€Øy"¬n?ü‚‘Ü("¡ñت
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Resources.Writer, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ìĺGö5ÖÕ@PçOÚ;‰z Ö½
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Runtime, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
Q8­¶çqŒ<iGŠ€1à_.è`TÊe¤à¤
Process: (7532) cmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Fusion\References\System.Runtime.Caching, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\{2EC93463-B0C3-45E1-8364-327E96AEA856}
Operation: write
Name: {71F8EFBF-09AF-418D-91F1-52707CDFA274}
Value:
ùi¿´sÖϐ?-=C©¶ª¡é¼-zfþ3@Œ
Executable files
5
Suspicious files
3
Text files
4
Unknown types
0

Dropped files

PID | Process | Filename | Type

7472 | VeryFun.exe | C:\Windows\system.ini | binary
MD5: D0FC2CE93295D330D919057753B6907F
SHA256: 7B99CE362B7AEDB34DA70270104F05A80DA41E81148239EBF416E696ED208A52

5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1E18.tmp | text
MD5: 87BA1D52A05A8D4343356EB0C6279DE2
SHA256: 564A351DB0AB9249751ECF3F5D03049A43BEB0F8F3B95A5B8AAE9A9F7D0C17FB

7496 | unregmp2.exe | C:\Users\admin\AppData\Local\Temp\wmsetup.log | text
MD5: 6D40620BBB52BDD7FA9D8A087D9A5090
SHA256: 0C86E307BA82BA5C2912D30973405182B93602A41A94C25AA0647D97BFF3D280

5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DE8.tmp | text
MD5: 0D6E3B5966C8910612CBB86683829EFD
SHA256: 6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF

5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DD7.tmp | text
MD5: 0D6E3B5966C8910612CBB86683829EFD
SHA256: 6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF

7740 | chrmstp.exe | C:\Windows\Temp\Crashpad\settings.dat | binary
MD5: E18C6C24C1D9C633C63266BC4D3516E2
SHA256: AF04745E902A883FC5D1EA3C2BFE1AC9976BF2C151B93F9DBE224D906CF8E4C6

864 | chrmstp.exe | C:\Users\admin\AppData\Local\Temp\chrome_installer.log | text
MD5: 9776160AB84507C8D288EC7CC71F24CB
SHA256: 3377926BF3F2DD65F49EF3C0FF70DF09D623AFFB55DDB88081AA57739481DFF9

5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DC6.tmp | text
MD5: 0D6E3B5966C8910612CBB86683829EFD
SHA256: 6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF

5720 | ie4uinit.exe | C:\Users\admin\AppData\Local\Temp\RGI1DD8.tmp | text
MD5: 0D6E3B5966C8910612CBB86683829EFD
SHA256: 6B5C97558FDF8CC87169CAD942F04A633BF2B9931D50BF22D91E632C0EA596AF

7768 | setup.exe | C:\Windows\Temp\MsEdgeCrashpad\settings.dat | binary
MD5: 4E39B68BE809BD266B9B663B8B55DA9C
SHA256: 28F42958E87CF3BAB07A5FA3FF53EEC7F1B4DD85075AE2EB18A342943AC52051
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
12
TCP/UDP connections
21
DNS requests
16
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
1272 | SIHClient.exe | GET | 200 | 2.16.164.89:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | - | - | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted
1272 | SIHClient.exe | GET | 200 | 2.16.164.89:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | - | - | whitelisted
1272 | SIHClient.exe | GET | 200 | 2.16.164.89:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | - | - | whitelisted
1272 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1272 | SIHClient.exe | 20.109.210.53:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.89
  • 2.16.164.33
  • 2.16.164.25
  • 2.16.164.11
  • 2.16.164.17
  • 2.16.164.34
  • 2.16.164.18
  • 2.16.164.26
  • 2.16.164.74
  • 2.16.164.32
  • 2.16.164.59
  • 2.16.164.72
  • 2.16.164.81
  • 2.16.164.27
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.174
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.73
  • 20.190.159.64
  • 20.190.159.130
  • 40.126.31.3
  • 20.190.159.131
  • 20.190.159.129
  • 20.190.159.128
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info