File name:

BingWallpaper.exe

Full analysis: https://app.any.run/tasks/dc76c999-f15b-4d26-85ef-185c15b81dc3
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: December 11, 2024, 06:05:28
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

2D676F65C1758E0603255B09637D56D6

SHA1:

11620B42C490EC55EC44C5A2FA24FD13F42D1489

SHA256:

8E80065B2D6B1193C3028E3CACCBE6638FF49CC87DFC464762D7643E3713A9FE

SSDEEP:

98304:Cn2fVg3UM1tOfXzBQHaRzaTViAJFZkYuhYJqKXAppAZxbSpwCVy4SUfclqjPPU0q:G8MgakBwhv7EdeV5PIhofakQTK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Steals credentials from Web Browsers

      • BWInstaller.exe (PID: 6408)
      • DefaultSetup.exe (PID: 6196)

    • Actions looks like stealing of personal data

      • BWInstaller.exe (PID: 6408)
      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6196)

    • Changes the autorun value in the registry

      • msiexec.exe (PID: 6884)
      • BWInstaller.exe (PID: 6408)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BingWallpaper.exe (PID: 6264)
      • rundll32.exe (PID: 7016)
      • rundll32.exe (PID: 7116)
      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6084)

    • Starts a Microsoft application from unusual location

      • BingWallpaper.exe (PID: 6264)
      • BWInstaller.exe (PID: 6408)
      • DefaultSetup.exe (PID: 6196)

    • Process drops legitimate windows executable

      • BingWallpaper.exe (PID: 6264)
      • msiexec.exe (PID: 6884)
      • DefaultSetup.exe (PID: 6084)

    • Checks Windows Trust Settings

      • BWInstaller.exe (PID: 6408)
      • msiexec.exe (PID: 6884)

    • Reads Mozilla Firefox installation path

      • BWInstaller.exe (PID: 6408)
      • BingWallpaperApp.exe (PID: 7076)

    • Reads security settings of Internet Explorer

      • BWInstaller.exe (PID: 6408)
      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6196)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6884)

    • Changes the desktop background image

      • BingWallpaperApp.exe (PID: 7076)

  • INFO

    • Checks supported languages

      • BingWallpaper.exe (PID: 6264)
      • StartupInstaller.exe (PID: 6392)
      • BWInstaller.exe (PID: 6408)
      • BingWallpaperApp.exe (PID: 7076)
      • msiexec.exe (PID: 6884)
      • msiexec.exe (PID: 6976)
      • DefaultSetup.exe (PID: 6084)
      • DefaultSetup.exe (PID: 6196)

    • The sample compiled with english language support

      • BingWallpaper.exe (PID: 6264)
      • rundll32.exe (PID: 7016)
      • rundll32.exe (PID: 7116)
      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6084)

    • Reads the computer name

      • BWInstaller.exe (PID: 6408)
      • msiexec.exe (PID: 6884)
      • msiexec.exe (PID: 6976)
      • BingWallpaperApp.exe (PID: 7076)

    • Reads the machine GUID from the registry

      • BWInstaller.exe (PID: 6408)
      • msiexec.exe (PID: 6884)
      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6196)

    • The process uses the downloaded file

      • BWInstaller.exe (PID: 6408)
      • DefaultSetup.exe (PID: 6196)

    • Reads the software policy settings

      • BWInstaller.exe (PID: 6408)
      • msiexec.exe (PID: 6884)
      • BingWallpaperApp.exe (PID: 7076)

    • Create files in a temporary directory

      • BWInstaller.exe (PID: 6408)
      • rundll32.exe (PID: 7016)
      • rundll32.exe (PID: 7116)
      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6084)

    • Creates files or folders in the user directory

      • BWInstaller.exe (PID: 6408)
      • msiexec.exe (PID: 6884)
      • rundll32.exe (PID: 7116)
      • BingWallpaperApp.exe (PID: 7076)

    • Process checks computer location settings

      • BWInstaller.exe (PID: 6408)
      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6196)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6884)
      • firefox.exe (PID: 6536)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 7016)
      • rundll32.exe (PID: 7116)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 6884)

    • Checks proxy server information

      • rundll32.exe (PID: 7116)
      • BingWallpaperApp.exe (PID: 7076)

    • Disables trace logs

      • BingWallpaperApp.exe (PID: 7076)
      • DefaultSetup.exe (PID: 6196)

    • Application launched itself

      • firefox.exe (PID: 4976)
      • chrome.exe (PID: 6624)
      • firefox.exe (PID: 6536)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2000:11:24 11:50:57+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.2
CodeSize: 25600
InitializedDataSize: 13760000
UninitializedDataSize: -
EntryPoint: 0x6a00
OSVersion: 10
ImageVersion: 10
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.1.3
ProductVersionNumber: 2.0.1.3
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: BingWallpaper
FileVersion: 2.0.1.3
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: WEXTRACT.EXE .MUI
ProductName: BingWallpaper
ProductVersion: 2.0.1.3
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
152
Monitored processes
31
Malicious processes
8
Suspicious processes
1

Behavior graph

Click at the process to see the details
start bingwallpaper.exe startupinstaller.exe no specs bwinstaller.exe msiexec.exe no specs msiexec.exe msiexec.exe no specs rundll32.exe bingwallpaperapp.exe rundll32.exe defaultsetup.exe defaultsetup.exe firefox.exe no specs chrome.exe firefox.exe chrome.exe no specs firefox.exe no specs firefox.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs firefox.exe no specs chrome.exe no specs chrome.exe no specs firefox.exe no specs chrome.exe no specs chrome.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1200"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2260 --field-trial-handle=1864,i,16884996733009542248,15900612254420721523,262144 --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1796"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1864,i,16884996733009542248,15900612254420721523,262144 --variations-seed-version /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2452"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1864,i,16884996733009542248,15900612254420721523,262144 --variations-seed-version /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2600"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 26911 -prefMapSize 244629 -jsInitHandle 1576 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5db69a2a-28e5-46b5-aa91-eda9f06c5797} 6536 "\\.\pipe\gecko-crash-server-pipe.6536" 23a93c18f50 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
4872"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240213221259 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 31031 -prefMapSize 244629 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c93bb7a-a3fe-4710-a930-d287c1814778} 6536 "\\.\pipe\gecko-crash-server-pipe.6536" 23a8eebe810 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
4976"C:\Program Files\Mozilla Firefox\firefox.exe" https://go.microsoft.com/fwlink/?linkid=2120579&partnerCode=W011&machineID=FF8E2DAD3AA81FC22F5A0974CC79EE63&mkt=en-usC:\Program Files\Mozilla Firefox\firefox.exeDefaultSetup.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5112"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2216 --field-trial-handle=1864,i,16884996733009542248,15900612254420721523,262144 --variations-seed-version /prefetch:3C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
6084 /c:"DefaultSetup.exe CD=1"C:\Users\admin\AppData\Local\Microsoft\DefaultSetup\DefaultSetup.exe
BWInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
DefaultSetup
Exit code:
0
Version:
2.0.0.5
Modules
Images
c:\users\admin\appdata\local\microsoft\defaultsetup\defaultsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
6196C:\Users\admin\AppData\Local\Temp\IXP001.TMP\DefaultSetup.exe CD=1C:\Users\admin\AppData\Local\Temp\IXP001.TMP\DefaultSetup.exe
DefaultSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
DefaultSetup
Exit code:
0
Version:
2.0.0.5
Modules
Images
c:\users\admin\appdata\local\temp\ixp001.tmp\defaultsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
6252"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2196 -parentBuildID 20240213221259 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 31031 -prefMapSize 244629 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25307b9d-2bfe-474d-b258-84a9daca0224} 6536 "\\.\pipe\gecko-crash-server-pipe.6536" 23a83882910 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
30 336
Read events
30 157
Write events
168
Delete events
11

Modification events

(PID) Process:(6408) BWInstaller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\BingWallpaperApp
Operation:writeName:PartnerCode
Value:
W011
(PID) Process:(6408) BWInstaller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Dispatcher
Operation:writeName:MachineID
Value:
FF8E2DAD3AA81FC22F5A0974CC79EE63
(PID) Process:(6884) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
E41A00000EF36DB6924BDB01
(PID) Process:(6884) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
AAA95DF89F639579ECABC675748EA1F02CAD63CFDA278331C8C4D65AB9ED37DF
(PID) Process:(6884) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(6884) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation:writeName:C:\Users\admin\AppData\Roaming\Microsoft\Installer\
Value:
(PID) Process:(6884) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\E75EB4F5223116D48A5EDF60E49565E9
Operation:writeName:1499D032364BC9B44B38179247B0A91C
Value:
01:\Software\Microsoft\BingWallpaperApp\isMSIInstalled
(PID) Process:(6884) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\810C749B0985F6E428196CE616BCA73E
Operation:writeName:1499D032364BC9B44B38179247B0A91C
Value:
01:\Software\Microsoft\BingWallpaperApp\isMSIInstalled
(PID) Process:(6884) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\9BC0DD7D0D606B5438AEAEB5EB52DB88
Operation:writeName:1499D032364BC9B44B38179247B0A91C
Value:
01:\Software\Microsoft\BingWallpaperApp\isMSIInstalled
(PID) Process:(6884) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation:writeName:C:\Users\admin\AppData\Local\Microsoft\BingWallpaperApp\
Value:
1
Executable files
25
Suspicious files
194
Text files
57
Unknown types
4

Dropped files

PID
Process
Filename
Type
6264BingWallpaper.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWCInstaller.msi
MD5:
SHA256:
6884msiexec.exeC:\Windows\Installer\137717.msi
MD5:
SHA256:
6408BWInstaller.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0018BB1B5834735BFA60CD063B31956der
MD5:3E3AED1C0BA46C98A8EF6B3BEC083998
SHA256:3FAB079F84B987B1A1E305228BD9D2C7DC9A4033B62D3715073C009391FC949F
6264BingWallpaper.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\DispatchQueue.dllexecutable
MD5:588B3B8D0B4660E99529C3769BBDFEDC
SHA256:D05A41ED2AA8AF71E4C24BFFF27032D6805C7883E9C4A88AA0A885E441BEC649
6264BingWallpaper.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeexecutable
MD5:8223C7FF563B00446B5D93A76312AD1F
SHA256:2DEBB8A75E204F941344700C1B186A07C847E786893FEDEFBEE4EB073779CAE2
6408BWInstaller.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FEder
MD5:F0CF5B1794ECA7CD73F9C020DAAB8EF2
SHA256:2AF00EDCE7EF3266897E52DC81E8DE3B7A079028C0F1F96EAFF9E38AD342F617
6264BingWallpaper.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\BrowserDefMgr.dllexecutable
MD5:DC54A5CF3776E2A936B289AE3A37EF83
SHA256:C78B29567031B933061230A3878782CB6781416823CDFF9BA2277BCE5ABDA525
6884msiexec.exeC:\Windows\Installer\13771a.msi
MD5:
SHA256:
6264BingWallpaper.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\LocalizedTitles.jsonbinary
MD5:888C9CB6099CFFD5CEE9280A56E6B5BC
SHA256:3CC476E0F5A79FD61D1AF091C8F9665B00E4A7D748EA3122CD852B88C242D674
6408BWInstaller.exeC:\Users\admin\AppData\Local\Temp\ZMG65E1.tmptext
MD5:AB34F21547A4B5D1EA2F8CC4E8D35B68
SHA256:D50325912972A9DE3BA14802187A5F311EF773B0830E44B603C59F4256DE7437
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
129
DNS requests
164
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6408
BWInstaller.exe
GET
200
23.48.23.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6408
BWInstaller.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
2.16.204.139:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.48.23.176
  • 23.48.23.143
  • 23.48.23.145
  • 23.48.23.147
  • 23.48.23.164
  • 23.48.23.177
  • 23.48.23.194
  • 23.48.23.156
  • 23.48.23.167
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.bing.com
  • 2.16.204.139
  • 2.16.204.150
  • 2.16.204.149
  • 2.16.204.145
  • 2.16.204.148
  • 2.16.204.143
  • 2.16.204.138
  • 2.16.204.146
  • 2.16.204.147
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.140
  • 20.190.160.14
  • 40.126.32.133
  • 40.126.32.136
  • 40.126.32.138
  • 40.126.32.74
  • 40.126.32.68
  • 40.126.32.134
whitelisted
go.microsoft.com
  • 23.35.238.131
  • 184.28.89.167
whitelisted
g.ceipmsn.com
  • 20.41.62.11
unknown
bingwallpaper.microsoft.com
  • 52.173.134.115
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
BingWallpaper.exe