File name:

MDE_File_Sample_a53d2abf4a9c8dd53d1117c7f221cf2803887ca1(2).zip

Full analysis: https://app.any.run/tasks/700164ce-40e1-4e9d-8c4b-e2ef02f12ae1
Verdict: Malicious activity
Analysis date: April 15, 2025, 19:59:27
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

33D176CA7C250FEC0F3D9121DD426B81

SHA1:

98B553F50786531010153F7A15066D4C6EF6E267

SHA256:

91A2C401855DE6380C05917DF5F3491B75682B3C318A38A807F380CAEB3FC5EF

SSDEEP:

98304:xKL1dmnXjStR23tjYWtSy9NDiAeUxwarcJGIl/QfUTWAS0esayOP44nYfeDMYcr9:tm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 920)
      • msiexec.exe (PID: 5384)
    • Starts POWERSHELL.EXE for commands execution

      • OpenWith.exe (PID: 3760)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6248)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 5384)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 1128)
    • Starts a Microsoft application from unusual location

      • cookie_exporter.exe (PID: 1196)
  • INFO

    • The sample compiled with english language support

      • WinRAR.exe (PID: 920)
      • msiexec.exe (PID: 6300)
      • msiexec.exe (PID: 5384)
      • msiexec.exe (PID: 5200)
      • msiexec.exe (PID: 2340)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 920)
      • msiexec.exe (PID: 6300)
      • msiexec.exe (PID: 5384)
      • msiexec.exe (PID: 5200)
      • msiexec.exe (PID: 2340)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 3676)
      • OpenWith.exe (PID: 3760)
      • OpenWith.exe (PID: 5408)
    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 3676)
      • OpenWith.exe (PID: 3760)
      • msiexec.exe (PID: 6300)
    • Application launched itself

      • AcroCEF.exe (PID: 4932)
      • Acrobat.exe (PID: 2420)
    • Reads the software policy settings

      • slui.exe (PID: 6972)
      • msiexec.exe (PID: 6300)
      • slui.exe (PID: 5624)
      • msiexec.exe (PID: 5384)
    • Manual execution by a user

      • msiexec.exe (PID: 6300)
      • msiexec.exe (PID: 5200)
      • msiexec.exe (PID: 2340)
    • Checks proxy server information

      • msiexec.exe (PID: 6300)
      • slui.exe (PID: 5624)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6300)
    • Reads the computer name

      • msiexec.exe (PID: 5384)
      • msiexec.exe (PID: 1532)
      • msiexec.exe (PID: 1128)
      • cookie_exporter.exe (PID: 1196)
      • msiexec.exe (PID: 5868)
      • msiexec.exe (PID: 4284)
      • msiexec.exe (PID: 7012)
      • msiexec.exe (PID: 1852)
    • Checks supported languages

      • msiexec.exe (PID: 1532)
      • msiexec.exe (PID: 5384)
      • msiexec.exe (PID: 1128)
      • cookie_exporter.exe (PID: 1196)
      • msiexec.exe (PID: 5868)
      • msiexec.exe (PID: 4284)
      • msiexec.exe (PID: 7012)
      • msiexec.exe (PID: 1852)
    • Manages system restore points

      • SrTasks.exe (PID: 4236)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 5384)
    • Create files in a temporary directory

      • msiexec.exe (PID: 1128)
      • msiexec.exe (PID: 5384)
      • msiexec.exe (PID: 4284)
      • msiexec.exe (PID: 1852)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 5384)
    • Process checks computer location settings

      • msiexec.exe (PID: 1128)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2025:04:15 19:55:04
ZipCRC: 0xedc5112e
ZipCompressedSize: 1835184
ZipUncompressedSize: 3231744
ZipFileName: a53d2abf4a9c8dd53d1117c7f221cf2803887ca1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
168
Monitored processes
34
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe sppextcomobj.exe no specs slui.exe rundll32.exe no specs openwith.exe no specs acrobat.exe no specs acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs slui.exe openwith.exe no specs powershell.exe no specs conhost.exe no specs openwith.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs cookie_exporter.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe msiexec.exe no specs msiexec.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
664C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
920"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Downloads\MDE_File_Sample_a53d2abf4a9c8dd53d1117c7f221cf2803887ca1(2).zipC:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1128C:\Windows\syswow64\MsiExec.exe -Embedding 0A643ADDE5288177CCBEA01203FDA550C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1196"C:\Users\admin\AppData\Local\Temp\EdgeIdentity\cookie_exporter.exe" C:\Users\admin\AppData\Local\Temp\EdgeIdentity\cookie_exporter.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Version:
116.0.1938.81
Modules
Images
c:\users\admin\appdata\local\temp\edgeidentity\cookie_exporter.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\users\admin\appdata\local\temp\edgeidentity\msedge.dll
1388"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2824 --field-trial-handle=1608,i,17500984343611981626,1926731022821962041,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1532C:\Windows\syswow64\MsiExec.exe -Embedding 1FEA19023387E4D22B533E40EF320479 CC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1852C:\Windows\syswow64\MsiExec.exe -Embedding E9D36E94C0B97B5AB34CCD6B19EBD77AC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2288\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2340"C:\WINDOWS\System32\msiexec.exe" /i "C:\Users\admin\Desktop\1\a53d2abf4a9c8dd53d1117c7f221cf2803887ca1.msi" C:\Windows\System32\msiexec.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2420"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\admin\Desktop\1\a53d2abf4a9c8dd53d1117c7f221cf2803887ca1"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeOpenWith.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat
Exit code:
1
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
31 935
Read events
31 438
Write events
434
Delete events
63

Modification events

(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Downloads\MDE_File_Sample_a53d2abf4a9c8dd53d1117c7f221cf2803887ca1(2).zip
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:15
Value:
(PID) Process:(920) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:14
Value:
Executable files
36
Suspicious files
166
Text files
20
Unknown types
0

Dropped files

PID
Process
Filename
Type
920WinRAR.exeC:\Users\admin\Desktop\MDE_File_Sample_a53d2abf4a9c8dd53d1117c7f221cf2803887ca1(2)\a53d2abf4a9c8dd53d1117c7f221cf2803887ca1executable
MD5:4286B42A3BDD4596DB00DBC14D87ED1F
SHA256:EC10B992FBA1C77B8192A7A6CC12FAA9A275ECE442C4FC4F25F1100531C914F2
5964Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEventsbinary
MD5:7C0127D7E4FCC251AA007D47C15BE224
SHA256:BBBF1F43F281EA97856979EA3F72A007D875DEA62ACA9040A0B707D834E85F6A
5964Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5964binary
MD5:366B140BAFC863B7E366AA1E51604759
SHA256:CBC8B288DBD2C72432081CF33CEF431572A94C7FB89DBCD59973B99E3871814E
5964Acrobat.exeC:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.1.20093.6 2025-04-15 20-00-34-335.logtext
MD5:460C6041966002D8384A18C895A65EB0
SHA256:C83EC6E8FB3EC62481289C033238C1D9B08DB8076EAAD304099FD7A7F594F1B9
5964Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTINGbinary
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
5964Acrobat.exeC:\Users\admin\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txttext
MD5:5CE0C68883544076D9202F07FD14F94C
SHA256:6369F9AB1ADF3A072545DA020245637EC8BE04F0AA87066D036FFF5EEF9F304C
2420Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lstbinary
MD5:366B140BAFC863B7E366AA1E51604759
SHA256:CBC8B288DBD2C72432081CF33CEF431572A94C7FB89DBCD59973B99E3871814E
5964Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.jsonbinary
MD5:837C1211E392A24D64C670DC10E8DA1B
SHA256:8013AC030684B86D754BBFBAB8A9CEC20CAA4DD9C03022715FF353DC10E14031
4932AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF11a891.TMPtext
MD5:D012E5B4EB91B61F6E8AE2F8EC3C623E
SHA256:1BDA750084F20306722008016420E1912BA608CA8EFB9C661F7E7EFCF5E89673
5964Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalbinary
MD5:168BD5605B740C56530923C9182A6A6D
SHA256:8513005E84C8506E12704806F67BE84AE0A897C40D87ED0C7C994641A1DC89BD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
47
DNS requests
2 342
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.173:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1228
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1228
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6300
msiexec.exe
GET
200
18.173.205.76:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D
unknown
whitelisted
6300
msiexec.exe
GET
200
95.100.110.12:80
http://sslcom.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEGL4EqNfUr10txjWEKxLR4M%3D
unknown
whitelisted
6300
msiexec.exe
GET
200
18.173.205.76:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D
unknown
whitelisted
6300
msiexec.exe
GET
200
18.244.18.60:80
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
23.48.23.173:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.74:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1228
SIHClient.exe
172.202.163.200:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
1228
SIHClient.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.173
  • 23.48.23.166
  • 23.48.23.164
  • 23.48.23.163
  • 23.48.23.161
  • 23.48.23.170
  • 23.48.23.168
  • 23.48.23.171
  • 23.48.23.169
whitelisted
google.com
  • 142.250.186.142
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 40.126.32.74
  • 20.190.160.67
  • 20.190.160.131
  • 40.126.32.138
  • 40.126.32.76
  • 20.190.160.3
  • 20.190.160.5
  • 20.190.160.128
  • 20.190.159.64
  • 40.126.31.129
  • 20.190.159.75
  • 20.190.159.4
  • 40.126.31.130
  • 40.126.31.3
  • 20.190.159.129
  • 40.126.31.73
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
geo2.adobe.com
  • 95.100.184.205
whitelisted

Threats

No threats detected
No debug info