File name:

gmpublisher_2.10.4_x64_en-US.msi

Full analysis: https://app.any.run/tasks/7319b2c8-8239-4063-8710-9003340c123f
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: November 06, 2024, 10:37:00
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
loader
github
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: gmpublisher, Author: William Venner, Keywords: Installer, Comments: This installer database contains the logic and data required to install gmpublisher., Template: x64;1033, Revision Number: {C1BF4D10-63D0-4795-A632-932716E0391E}, Create Time/Date: Mon Sep 16 12:15:06 2024, Last Saved Time/Date: Mon Sep 16 12:15:06 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
MD5:

234FBCA756F446D70AFC0993CB8A9C6C

SHA1:

4365BC007C4940FDF4ECB8EF0C839AF50FE8DB42

SHA256:

95900ADAC97B533393E9D54EE86856539210445A7DFFFD64909A50472A40429F

SSDEEP:

98304:4Bx5be0wN0YaEx0npyQw6ECfCYYgZsf3LKLu280UmRXVADN4gKOlBAImtB8qMIkt:5AGVmdSaHEsyTU+T

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 1160)

  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 5976)

    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 2620)

    • Downloads file from URI via Powershell

      • powershell.exe (PID: 1160)

    • Manipulates environment variables

      • powershell.exe (PID: 1160)

    • Process drops legitimate windows executable

      • powershell.exe (PID: 1160)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6992)
      • MicrosoftEdgeUpdate.exe (PID: 4808)
      • MicrosoftEdge_X64_130.0.2849.56.exe (PID: 6100)
      • setup.exe (PID: 6940)

    • Executable content was dropped or overwritten

      • powershell.exe (PID: 1160)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6992)
      • MicrosoftEdgeUpdate.exe (PID: 4808)
      • MicrosoftEdge_X64_130.0.2849.56.exe (PID: 6100)
      • setup.exe (PID: 6940)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 6992)
      • MicrosoftEdgeUpdate.exe (PID: 4808)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4808)

    • Application launched itself

      • setup.exe (PID: 6940)
      • MicrosoftEdgeUpdate.exe (PID: 6996)
      • msedgewebview2.exe (PID: 1500)

  • INFO

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2620)
      • firefox.exe (PID: 3020)

    • Manages system restore points

      • SrTasks.exe (PID: 2416)

    • An automatically generated document

      • msiexec.exe (PID: 512)

    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 6992)

    • Manual execution by a user

      • gmpublisher.exe (PID: 5940)
      • firefox.exe (PID: 6984)

    • Application launched itself

      • firefox.exe (PID: 6984)
      • firefox.exe (PID: 3020)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: gmpublisher
Author: William Venner
Keywords: Installer
Comments: This installer database contains the logic and data required to install gmpublisher.
Template: x64;1033
RevisionNumber: {C1BF4D10-63D0-4795-A632-932716E0391E}
CreateDate: 2024:09:16 12:15:06
ModifyDate: 2024:09:16 12:15:06
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
190
Monitored processes
46
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msiexec.exe no specs msiexec.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs powershell.exe conhost.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedge_x64_130.0.2849.56.exe setup.exe setup.exe no specs microsoftedgeupdate.exe no specs gmpublisher.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
512"C:\Windows\System32\msiexec.exe" /i C:\Users\admin\AppData\Local\Temp\gmpublisher_2.10.4_x64_en-US.msiC:\Windows\System32\msiexec.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
612"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\venner.gmpublisher\EBWebView" --webview-exe-name=gmpublisher.exe --webview-exe-version=2.10.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2380,i,9248209173995396006,1484650409542876981,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:8C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
130.0.2849.56
1160powershell.exe -windowstyle hidden Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; & $env:TEMP\MicrosoftEdgeWebview2Setup.exe /installC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
1344"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1908 -parentBuildID 20240213221259 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 30705 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e1e27e8-0b43-42b6-996e-c75e6f315aa3} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 20d4c4e5710 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
1376"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\venner.gmpublisher\EBWebView" --webview-exe-name=gmpublisher.exe --webview-exe-version=2.10.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2336,i,9248209173995396006,1484650409542876981,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:8C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
130.0.2849.56
1428"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MzI0OTRDMDItQzBCMi00MEJELThDMEUtNzQzQUUwREVDNzAyfSIgdXNlcmlkPSJ7Q0VBMTRBMkMtRTQ0RS00NjdELTg1OEMtQjhGNTQ0MjkwNzIzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBMkFGODNGNS00MTY1LTQzNDQtQkNCNy1CNzRFMURERjc4MDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zMSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI3NTAwNTM0OCIgaW5zdGFsbF90aW1lX21zPSI2NTciLz48L2FwcD48L3JlcXVlc3Q-C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.31
1500"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=gmpublisher.exe --webview-exe-version=2.10.4 --user-data-dir="C:\Users\admin\AppData\Local\venner.gmpublisher\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=5940.5236.17449765200735345853C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exegmpublisher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
130.0.2849.56
1584"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.31
2416C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
2620C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
1 449
Read events
1 415
Write events
25
Delete events
9

Modification events

(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4800000000000000773967E63730DB013C0A0000941B0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
4800000000000000773967E63730DB013C0A0000941B0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
48000000000000008668BFE63730DB013C0A0000941B0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
48000000000000008668BFE63730DB013C0A0000941B0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
48000000000000003E33C4E63730DB013C0A0000941B0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
48000000000000002699C6E63730DB013C0A0000941B0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
11
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
4800000000000000E8E231E73730DB013C0A0000941B0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2620) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
4800000000000000534634E73730DB013C0A000094150000E803000001000000000000000000000041E4E3346729F94FBD21B961E738F6D800000000000000000000000000000000
(PID) Process:(5976) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000005F6540E73730DB0158170000780F0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
208
Suspicious files
369
Text files
75
Unknown types
29

Dropped files

PID
Process
Filename
Type
2620msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
2620msiexec.exeC:\Windows\Installer\96e5e.msi
MD5:
SHA256:
2620msiexec.exeC:\Windows\Installer\96e60.msi
MD5:
SHA256:
2620msiexec.exeC:\Windows\Temp\~DFA3108FDE24480D13.TMPbinary
MD5:564657F575FEAEF84ED0B3FF0E032B56
SHA256:127B14480481F617755E959A22CE050FC134D75943B02C1EA7DF058F28D09DB8
2620msiexec.exeC:\Windows\Temp\~DFF13E424D348CF75B.TMPgmc
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
2620msiexec.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\~mpublisher.tmplnk
MD5:C44EBA393616B2E48B5FBFCCD6E9C3FF
SHA256:7B79AD38A5A5D4AAC7D193CB6A6FD61075D42CD9572DE98D62E73ADF37A857F8
1160powershell.exeC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exeexecutable
MD5:431A51D6443439E7C3063C36E18E87D6
SHA256:726732C59F91424E8FB9280C1E773E1DB72C8607AD110113BC62C67C452154A6
2620msiexec.exeC:\Program Files\gmpublisher\gmpublisher.exeexecutable
MD5:9408F8DBC9C8A86C5EE32F7B77E0E852
SHA256:3D55B72E0FE82176D05548188EBC7427A114160F8C1F86F7BBD078B9B78E7F58
2620msiexec.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\gmpublisher.lnk~RF974f5.TMPlnk
MD5:5C19DE89C4DC77BE68B56D3F4D99BD79
SHA256:FBFBD40BE0CDDABC9DA18E6E2901C4A5757F8959D5CBCAED4D2E918C40DC8EC5
2620msiexec.exeC:\Program Files\gmpublisher\steam_api64.dllexecutable
MD5:36F023155D9357E4C9C61AF2E340ABFE
SHA256:9D6D2972C1571A2A058D79A8376E26A33D33813F29D93C3CA6E35ADADDCD56DE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
60
TCP/UDP connections
146
DNS requests
175
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
POST
200
142.250.186.67:80
http://o.pki.goog/wr2
unknown
whitelisted
POST
200
23.53.40.161:80
http://r10.o.lencr.org/
unknown
whitelisted
POST
200
23.53.40.154:80
http://r11.o.lencr.org/
unknown
whitelisted
POST
200
142.250.186.67:80
http://o.pki.goog/wr2
unknown
whitelisted
POST
200
23.53.40.161:80
http://r10.o.lencr.org/
unknown
whitelisted
GET
200
23.216.77.22:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4808
SIHClient.exe
GET
200
23.32.185.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5356
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
92.123.104.33:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
23.216.77.22:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
5356
svchost.exe
40.126.32.72:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
www.bing.com
  • 92.123.104.33
  • 92.123.104.34
  • 92.123.104.35
  • 92.123.104.36
  • 92.123.104.37
  • 92.123.104.32
  • 92.123.104.42
  • 92.123.104.38
  • 92.123.104.31
whitelisted
google.com
  • 216.58.206.46
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 23.216.77.22
  • 23.216.77.25
  • 23.216.77.35
  • 23.216.77.13
  • 23.216.77.28
  • 23.216.77.26
  • 23.216.77.37
  • 23.216.77.41
  • 23.216.77.19
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 23.32.185.131
whitelisted
login.live.com
  • 40.126.32.72
  • 40.126.32.76
  • 40.126.32.136
  • 40.126.32.138
  • 40.126.32.134
  • 40.126.32.133
  • 20.190.160.20
  • 20.190.160.22
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
th.bing.com
  • 92.123.104.32
  • 92.123.104.34
  • 92.123.104.28
  • 92.123.104.31
  • 92.123.104.33
  • 92.123.104.37
  • 92.123.104.29
  • 92.123.104.35
  • 92.123.104.30
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
gmpublisher_2.10.4_x64_en-US.msi