File name: SimplyFile5_setup.exe

Full analysis: https://app.any.run/tasks/f900ced1-e80c-4d94-8656-a3b272f30cdc
Verdict: Malicious activity
Analysis date: January 28, 2025, 11:46:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: CC1CAAD80362977FE3FCD7CFC5789D4B
SHA1: 13D1CE40C295D7354DACC98DFD08B67CB5C6C439
SHA256: 98437E3A4B8B92F64BF31D4A3EF6447187CA56DF9F6BDBB3B72390391FA43FA7
SSDEEP: 98304:tIj6tQHK2JcMC+ryd5k2oe8bTAgwlgIlx9ddzwE5oWg1hlrKGxOBMR83KdWHxvAX:/0v4ih

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • SimplyFile5_setup.exe (PID: 6296)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • SimplyFile5_setup.exe (PID: 6296)
    • Executable content was dropped or overwritten

      • SimplyFile5_setup.exe (PID: 6296)
    • There is functionality for taking screenshot (YARA)

      • SimplyFile5_setup.exe (PID: 6296)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 3060)
      • regsvr32.exe (PID: 5696)
    • Reads security settings of Internet Explorer

      • SimplyFile5_setup.exe (PID: 6296)
    • Creates a software uninstall entry

      • SimplyFile5_setup.exe (PID: 6296)
    • The process creates files with name similar to system file names

      • SimplyFile5_setup.exe (PID: 6296)
  • INFO

    • The sample compiled with english language support

      • SimplyFile5_setup.exe (PID: 6296)
      • msedge.exe (PID: 4624)
    • Creates files or folders in the user directory

      • SimplyFile5_setup.exe (PID: 6296)
    • Reads the computer name

      • SimplyFile5_setup.exe (PID: 6296)
      • identity_helper.exe (PID: 5432)
    • Checks supported languages

      • SimplyFile5_setup.exe (PID: 6296)
      • identity_helper.exe (PID: 5432)
    • SQLite executable

      • SimplyFile5_setup.exe (PID: 6296)
    • Create files in a temporary directory

      • SimplyFile5_setup.exe (PID: 6296)
    • Reads Environment values

      • identity_helper.exe (PID: 5432)
    • Manual execution by a user

      • OUTLOOK.EXE (PID: 6368)
    • Application launched itself

      • msedge.exe (PID: 5684)
    • Reads Internet Explorer settings

      • OUTLOOK.EXE (PID: 6368)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4624)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x323c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.4.19.5419
ProductVersionNumber: 5.4.19.5419
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: TechHit
FileDescription: SimplyFile v5 Installer
FileVersion: 5.4.19.5419
LegalCopyright: Copyright © 2025 TechHit
ProductName: TechHit SimplyFile for Microsoft Outlook
ProductVersion: 5.4.19.5419
No data.
All screenshots are available in the full report
Total processes: 193
Monitored processes: 52
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start simplyfile5_setup.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs outlook.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs

Process information

PID: 396
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5428 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 644
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4612 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 936
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5952 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1020
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5780 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3920 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5592 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6352 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1480
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3804 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1488
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2508 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4208 --field-trial-handle=2512,i,14537245243374550480,16411305216167325476,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 15 431
Read events: 14 933
Write events: 439
Delete events: 59

Modification events

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\SimplyFile.Connect
Name: FriendlyName
Value: TechHit SimplyFile for Microsoft Outlook

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\SimplyFile.Connect
Name: Description
Value: SimplyFile - The easiest way to keep your mailbox under control

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\SimplyFile.Connect
Name: LoadBehavior
Value: 3

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimplyFile
Name: DisplayName
Value: SimplyFile v5 (remove only)

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimplyFile
Name: DisplayIcon
Value: "C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\uninstall.exe",-0

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimplyFile
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\uninstall.exe"

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimplyFile
Name: Publisher
Value: TechHit

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimplyFile
Name: URLInfoAbout
Value: http://www.techhit.com/

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimplyFile
Name: HelpLink
Value: http://www.techhit.com/

(PID 6296) SimplyFile5_setup.exe | write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimplyFile
Name: URLUpdateInfo
Value: http://www.techhit.com/SimplyFile/
Executable files: 26
Suspicious files: 243
Text files: 60
Unknown types: 1

Dropped files

PID | Process | Filename | Type

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\Temp\nsd8532.tmp | -
MD5: -
SHA256: -

5684 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | binary
MD5: 1E9E15EF6E531C4557100F20C9C76F01
SHA256: 46CB063CC268B69B172660F166C4394D5B4EDD802388B3EC16766DEBDB9F86C3

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\Tilwsf.dll | executable
MD5: A73231BC58F011197CBCD7B4CD0BA230
SHA256: 1CA549AE30DB689A10141B017F917A133F5FE1975550755646D64014AA03AF90

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\license.rtf | text
MD5: F743DC08A4C1CCB0D454021323C9619E
SHA256: 2238C85E0598639504F5BD4FD4941C472215D3DD00ED69918E90A9194B5F1BA7

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\Temp\nsd861D.tmp\modern-wizard.bmp | image
MD5: CBE40FD2B1EC96DAEDC65DA172D90022
SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\SimplyFile.dll | executable
MD5: 367B5C3B58CEA357891DB30797472E0F
SHA256: 40A7E666FF16E7487B4963B5531191372E6E183C1883007D320AB08A0568EC8D

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\ReleaseLicense.exe | executable
MD5: 85C667EF17657F8AF2B60E00377CACE4
SHA256: AE4117C3E0B12F49FD120F5F98DF30E348FC5D2FCB1D75ED8CC85C93751677E0

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\install.log | text
MD5: C5D480EE2705D10406F8F2E7FC56D363
SHA256: 50FB6F2511729BF35A1E505EC2A410738A5E66FED3216A0118BFCBBA12B8883B

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimplyFile\SimplyFile - How to start.lnk | binary
MD5: B00DCAF9BEDFFCA094DBF920D31B07FB
SHA256: 0670DDB50E01D1F3DEE66D6D1A1A299FC47C35DBF72D1E115AFC863F394125AD

6296 | SimplyFile5_setup.exe | C:\Users\admin\AppData\Local\TechHit\SimplyFile\Bin\uninstall.exe | executable
MD5: 3293125F1E00AF9DC73796301B9C5932
SHA256: 47CE34C94840F9D88BD7ACCCEDB578A4174A6B2AE5503C6B0BAD3414636242B6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 43
TCP/UDP connections: 119
DNS requests: 107
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
6072 | svchost.exe | GET | 200 | 92.123.18.100:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6072 | svchost.exe | GET | 200 | 2.16.164.51:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6292 | SIHClient.exe | GET | 200 | 92.123.18.100:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6292 | SIHClient.exe | GET | 200 | 92.123.18.100:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6404 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
1080 | svchost.exe | HEAD | 200 | 23.32.238.139:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738141956&P2=404&P3=2&P4=KwKaOr5jcfIB9ByPqhA565F04r3nRMeiHyBC8APeysWH3ZmrQS64SqkcZhuwMxTsZhSCP6V%2fjGMSJKmmyeh84A%3d%3d | unknown | whitelisted
1080 | svchost.exe | GET | 206 | 23.32.238.139:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738141956&P2=404&P3=2&P4=KwKaOr5jcfIB9ByPqhA565F04r3nRMeiHyBC8APeysWH3ZmrQS64SqkcZhuwMxTsZhSCP6V%2fjGMSJKmmyeh84A%3d%3d | unknown | whitelisted
1080 | svchost.exe | GET | 206 | 23.32.238.139:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1738141956&P2=404&P3=2&P4=KwKaOr5jcfIB9ByPqhA565F04r3nRMeiHyBC8APeysWH3ZmrQS64SqkcZhuwMxTsZhSCP6V%2fjGMSJKmmyeh84A%3d%3d | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6072 | svchost.exe | 2.16.164.51:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
6072 | svchost.exe | 92.123.18.100:80 | www.microsoft.com | AKAMAI-AS | AT | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 2.21.65.154:443 | www.bing.com | Akamai International B.V. | NL | whitelisted
1076 | svchost.exe | 184.28.89.167:443 | go.microsoft.com | AKAMAI-AS | US | whitelisted
5064 | SearchApp.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 40.126.31.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted
crl.microsoft.com
  • 2.16.164.51
  • 2.16.164.114
  • 2.16.164.106
  • 2.16.164.18
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 92.123.18.100
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.21.65.154
  • 2.21.65.132
  • 2.21.65.153
  • 104.126.37.139
  • 104.126.37.144
  • 104.126.37.128
  • 104.126.37.186
  • 104.126.37.146
  • 104.126.37.131
  • 104.126.37.185
  • 104.126.37.123
  • 104.126.37.137
  • 104.126.37.168
  • 104.126.37.176
  • 104.126.37.170
  • 104.126.37.153
  • 104.126.37.160
  • 104.126.37.171
  • 104.126.37.162
  • 104.126.37.154
  • 104.126.37.163
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 23.35.238.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.64
  • 40.126.31.73
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.73
  • 20.190.159.75
  • 20.190.159.71
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted

Threats

PID | Process | Class | Message
4308 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4308 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4308 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4308 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
No debug info