File name:

SDI_R2408.zip

Full analysis: https://app.any.run/tasks/ab852f30-ab38-4990-b711-41f2eaf713b2
Verdict: Malicious activity
Analysis date: December 03, 2024, 22:10:44
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-doc
bittorrent
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

BB2F5E549E66542B153D320D890B073E

SHA1:

328F4CDAA75AAB420DCDB92B0CC108E62BCB05EF

SHA256:

8DA63FBC0CE6A9DDEFE42B1A4BA91618958133D9351116A83FCAEFAB882E466A

SSDEEP:

98304:kcy3MGDUHw7g36Yik51tJlQiwm2rDR7snyiX4s3TPjauIAabGXYy7KEWxwk71a8A:8Ne8SH4i9Lxv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • BITTORRENT has been detected (SURICATA)

      • SDI_x64_R2408.exe (PID: 6480)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6744)
      • SDI_x64_R2408.exe (PID: 6480)

    • Potential Corporate Privacy Violation

      • SDI_x64_R2408.exe (PID: 6480)

    • Connects to unusual port

      • SDI_x64_R2408.exe (PID: 6480)

  • INFO

    • Checks supported languages

      • SDI_x64_R2408.exe (PID: 6480)
      • identity_helper.exe (PID: 3744)
      • identity_helper.exe (PID: 7204)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6744)
      • msedge.exe (PID: 5400)

    • Reads Environment values

      • SDI_x64_R2408.exe (PID: 6480)
      • identity_helper.exe (PID: 7204)
      • identity_helper.exe (PID: 3744)

    • Create files in a temporary directory

      • SDI_x64_R2408.exe (PID: 6480)

    • Reads the computer name

      • SDI_x64_R2408.exe (PID: 6480)
      • identity_helper.exe (PID: 7204)
      • identity_helper.exe (PID: 3744)

    • Manual execution by a user

      • msedge.exe (PID: 4120)

    • Application launched itself

      • msedge.exe (PID: 4120)
      • msedge.exe (PID: 5040)

    • The process uses the downloaded file

      • msedge.exe (PID: 3532)
      • WinRAR.exe (PID: 6744)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: None
ZipModifyDate: 2018:09:29 00:24:12
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: tools/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
211
Monitored processes
76
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe sdi_x64_r2408.exe no specs #BITTORRENT sdi_x64_r2408.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
420"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7456 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
520"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2412 --field-trial-handle=2416,i,16678990339836790959,14506086751067082153,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
640"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5364 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1488"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6376 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1828"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4996 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2084"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3820 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2356"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2380"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5308 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2456"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5752 --field-trial-handle=2428,i,11788861931506223068,12308256626702665373,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x294,0x298,0x29c,0x28c,0x288,0x7ff821c95fd8,0x7ff821c95fe4,0x7ff821c95ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
12 201
Read events
12 143
Write events
40
Delete events
18

Modification events

(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\SDI_R2408.zip
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6744) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6480) SDI_x64_R2408.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(6480) SDI_x64_R2408.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
Executable files
9
Suspicious files
586
Text files
340
Unknown types
0

Dropped files

PID
Process
Filename
Type
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\belarusian.txttext
MD5:D3027F02B6B46F426891EBD063AB94CA
SHA256:B0917EF1C1C48FFCA4B2286DF41C5BF969767830D9F6F01285B5F7B3C3A9E9CB
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\chinese_tw.txttext
MD5:6B4485A8830B8E75A5D89514ACA3CDC3
SHA256:1D07EED3C3062803A3BF36E180372533B66212CB6A75EE9260C1B7A6EAB68B84
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\arabic.txttext
MD5:59A306BD36D777E2C7EDCE73D5963825
SHA256:490C61DBDD6393A3FE7457EB3E5E5D1047DE2ED05D8DFD5EA7FFA36234BFFC37
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\danish.txttext
MD5:2C8C70D56B761567F11533765440F8B2
SHA256:CF95B1EFCBEC3AF58F1CB4FB0FAA25E9D90F8B400E64F14570EA31E71E78DCF5
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\azerbaijan.txttext
MD5:505B0DE7B97212F78BA4266BB5A055E1
SHA256:4543E9820A0C7E0C807D18B423C0018FF8015BC8664E7F10673EF53282AFD9DA
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\farsi.txttext
MD5:12FD932E37EC6420EB1E0986662F83CD
SHA256:219E5FBEFEC1D9DAC59EA449802C99842302E3278A770D3068724217222487A4
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\dutch.txttext
MD5:882BBACD3F620FCBCA6BDC6B26D71C4F
SHA256:D25F2430C122D20DC824219CF0F28C4E7579C0AFB881A401E5335B12565A04D1
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\english.txttext
MD5:3847CA6996306078F53B1BD3D1CDC4A0
SHA256:CE2E90B7488184CE71B463CBB5EF594BD96FFAEA1F81473ABCC4F28851352249
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\armenian.txttext
MD5:8C12D4A4463BAF32E3714A5C58476022
SHA256:A5FC6D54254ECD4BF53E4495C58BD0564DEC89CE6D7462E989CD1F4E233652AC
6744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6744.16510\tools\SDI\langs\chinese.txttext
MD5:49040B8AC3F1047494418AC916C4F21D
SHA256:489C0CBFB84A40C2EF7B9015F550D0F53221588024BFCE00303D9F9FE9EFD553
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
570
DNS requests
55
Threats
36

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3628
svchost.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6480
SDI_x64_R2408.exe
GET
200
185.26.122.80:80
http://sdi.com.ru/SDI_Update.torrent
unknown
unknown
4712
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6480
SDI_x64_R2408.exe
GET
200
192.9.228.30:8080
http://share.camoe.cn:8080/announce?info_hash=%dcm%917%a1%be%b1%ab%0f%cc%c3%0c%a4%5eX%26%fe%81U%d5&peer_id=-LT1000-x_TnNlwpDui9&port=6881&uploaded=0&downloaded=0&left=46165541727&corrupt=0&key=8CA58B59&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0
unknown
unknown
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6400
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3628
svchost.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1176
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
104.126.37.136:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
google.com
  • 142.250.185.206
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.136
  • 104.126.37.154
  • 104.126.37.176
  • 104.126.37.155
  • 104.126.37.138
  • 104.126.37.153
  • 104.126.37.152
  • 104.126.37.169
  • 104.126.37.168
  • 104.126.37.186
  • 104.126.37.185
  • 104.126.37.123
  • 104.126.37.178
  • 104.126.37.177
  • 104.126.37.128
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.4
  • 20.190.159.68
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.64
  • 40.126.31.71
  • 20.190.159.23
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
router.bittorrent.com
  • 67.215.246.10
whitelisted
router.utorrent.com
  • 82.221.103.244
whitelisted

Threats

PID
Process
Class
Message
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
ET P2P Possible Torrent Download via HTTP Request
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
ET P2P BitTorrent - Torrent File Downloaded
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
GPL P2P BitTorrent announce request
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
GPL P2P BitTorrent transfer
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
6480
SDI_x64_R2408.exe
Potential Corporate Privacy Violation
GPL P2P BitTorrent transfer
6480
SDI_x64_R2408.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SDI_R2408.zip