File name:

SDI_R2408.zip

Full analysis: https://app.any.run/tasks/ab852f30-ab38-4990-b711-41f2eaf713b2
Verdict: Malicious activity
Analysis date: December 03, 2024, 22:10:44
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-doc
bittorrent
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

BB2F5E549E66542B153D320D890B073E

SHA1:

328F4CDAA75AAB420DCDB92B0CC108E62BCB05EF

SHA256:

8DA63FBC0CE6A9DDEFE42B1A4BA91618958133D9351116A83FCAEFAB882E466A

SSDEEP:

98304:kcy3MGDUHw7g36Yik51tJlQiwm2rDR7snyiX4s3TPjauIAabGXYy7KEWxwk71a8A:8Ne8SH4i9Lxv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • BITTORRENT has been detected (SURICATA)

      • SDI_x64_R2408.exe (PID: 6480)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6744)
      • SDI_x64_R2408.exe (PID: 6480)

    • Potential Corporate Privacy Violation

      • SDI_x64_R2408.exe (PID: 6480)

    • Connects to unusual port

      • SDI_x64_R2408.exe (PID: 6480)

  • INFO

    • The process uses the downloaded file

      • WinRAR.exe (PID: 6744)
      • msedge.exe (PID: 3532)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6744)
      • msedge.exe (PID: 5400)

    • Checks supported languages

      • SDI_x64_R2408.exe (PID: 6480)
      • identity_helper.exe (PID: 7204)
      • identity_helper.exe (PID: 3744)

    • Reads Environment values

      • SDI_x64_R2408.exe (PID: 6480)
      • identity_helper.exe (PID: 3744)
      • identity_helper.exe (PID: 7204)

    • Application launched itself

      • msedge.exe (PID: 5040)
      • msedge.exe (PID: 4120)

    • Manual execution by a user

      • msedge.exe (PID: 4120)

    • Reads the computer name

      • SDI_x64_R2408.exe (PID: 6480)
      • identity_helper.exe (PID: 7204)
      • identity_helper.exe (PID: 3744)

    • Create files in a temporary directory

      • SDI_x64_R2408.exe (PID: 6480)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: None
ZipModifyDate: 2018:09:29 00:24:12
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: tools/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
211
Monitored processes
76
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe sdi_x64_r2408.exe no specs #BITTORRENT sdi_x64_r2408.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
420"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7456 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
520"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2412 --field-trial-handle=2416,i,16678990339836790959,14506086751067082153,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
640"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5364 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1488"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6376 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1828"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4996 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2084"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3820 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2356"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2380"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5308 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2456"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5752 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x294,0x298,0x29c,0x28c,0x288,0x7ff821c95fd8,0x7ff821c95fe4,0x7ff821c95ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
12 201
Read events
12 143
Write events
40
Delete events
18

Modification events

(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\SDI_R2408.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6480) SDI_x64_R2408.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(6480) SDI_x64_R2408.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
Executable files
9
Suspicious files
586
Text files
340
Unknown types
0

Dropped files

PID
Process
Filename
Type
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\azerbaijan.txttext
MD5:505B0DE7B97212F78BA4266BB5A055E1
SHA256:4543E9820A0C7E0C807D18B423C0018FF8015BC8664E7F10673EF53282AFD9DA
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\brazilian.txttext
MD5:B7840D1E918FE67A26A3657C7C2BD79C
SHA256:E882A08233547FA9BA20E24CDAF64E36206ECA8ABAF3672A6C52A85D6EFBFCED
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\armenian.txttext
MD5:8C12D4A4463BAF32E3714A5C58476022
SHA256:A5FC6D54254ECD4BF53E4495C58BD0564DEC89CE6D7462E989CD1F4E233652AC
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\catalan.txttext
MD5:76D31CEA7C4689EA1975E9F9F6776F91
SHA256:5006A1541C92CCB8AF1516677731FE97F0EADC25B5DCAD5E11DCC35E5D27792D
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\georgian.txttext
MD5:EDCC129C881AAB75830BEBD3F2767132
SHA256:0D53928A463572479EC3C0110CE855B8A0A522CAF9F0F9E8884F07B808BAA3E1
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\english.txttext
MD5:3847CA6996306078F53B1BD3D1CDC4A0
SHA256:CE2E90B7488184CE71B463CBB5EF594BD96FFAEA1F81473ABCC4F28851352249
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\chinese_zh.txttext
MD5:EAE8E356B8D4372902F6ACA9959985F2
SHA256:4206E23A077026C61B0F57B350803327F1B0A33D2BD7B06EA47375A6E82810CD
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\croatian.txttext
MD5:B4B3114DA6380F1566C577934EFD3272
SHA256:6710177EB1CF25611A1B0560A7ED1840769A97BE26D141F366E2BA87802802AD
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\chinese_cn.txttext
MD5:1C0E58EFB136A5078E8D0B0A94B3B8D6
SHA256:5097B1FDE548223EE8B29A593B0F3BA7A4A1522C19A482C3DC2890048EA14844
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\danish.txttext
MD5:2C8C70D56B761567F11533765440F8B2
SHA256:CF95B1EFCBEC3AF58F1CB4FB0FAA25E9D90F8B400E64F14570EA31E71E78DCF5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
570
DNS requests
55
Threats
36

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3628
svchost.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6480
SDI_x64_R2408.exe
GET
200
185.26.122.80:80
http://sdi.com.ru/SDI_Update.torrent
unknown
unknown
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6480
SDI_x64_R2408.exe
GET
200
192.9.228.30:8080
http://share.camoe.cn:8080/announce?info_hash=%dcm%917%a1%be%b1%ab%0f%cc%c3%0c%a4%5eX%26%fe%81U%d5&peer_id=-LT1000-x_TnNlwpDui9&port=6881&uploaded=0&downloaded=0&left=46165541727&corrupt=0&key=8CA58B59&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0
unknown
unknown
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7264
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3628
svchost.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1176
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
104.126.37.136:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
google.com
  • 142.250.185.206
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.136
  • 104.126.37.154
  • 104.126.37.176
  • 104.126.37.155
  • 104.126.37.138
  • 104.126.37.153
  • 104.126.37.152
  • 104.126.37.169
  • 104.126.37.168
  • 104.126.37.186
  • 104.126.37.185
  • 104.126.37.123
  • 104.126.37.178
  • 104.126.37.177
  • 104.126.37.128
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.4
  • 20.190.159.68
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.64
  • 40.126.31.71
  • 20.190.159.23
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
router.bittorrent.com
  • 67.215.246.10
whitelisted
router.utorrent.com
  • 82.221.103.244
whitelisted

Threats

PID
Process
Class
Message
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
ET P2P Possible Torrent Download via HTTP Request
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
ET P2P BitTorrent - Torrent File Downloaded
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
GPL P2P BitTorrent announce request
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
GPL P2P BitTorrent transfer
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
GPL P2P BitTorrent transfer
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SDI_R2408.zip