File name:

yuzu_install.exe

Full analysis: https://app.any.run/tasks/3049a79e-c454-41f3-a13f-e4ea44312e47
Verdict: Malicious activity
Analysis date: September 21, 2024, 20:31:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5:

D51D1D2718E3B9EB5651398E61D74327

SHA1:

296F84B6C276FE9E91651336DE83D3377FFA147B

SHA256:

9E894C2620D565949E0D71E181E780DDACCC5B0D2FD70EC674E913AC7549FDCF

SSDEEP:

98304:9Ap0k+ZEtzkBIDW3TFCdsnCDyXOJWvO1pD5i4By2moI3YxkTN1JItXiy+HDc:9w3dtDW30jygH7i4fI3YxkZqLy4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • yuzu_install.exe (PID: 4524)
      • .tmpOoPBuj.exe (PID: 4280)
      • MicrosoftEdgeUpdate.exe (PID: 4160)
    • Executable content was dropped or overwritten

      • yuzu_install.exe (PID: 4524)
      • .tmpOoPBuj.exe (PID: 4280)
      • MicrosoftEdgeUpdate.exe (PID: 4160)
    • Starts a Microsoft application from unusual location

      • .tmpOoPBuj.exe (PID: 4280)
      • MicrosoftEdgeUpdate.exe (PID: 4160)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4160)
    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 3980)
  • INFO

    • Create files in a temporary directory

      • yuzu_install.exe (PID: 4524)
      • .tmpOoPBuj.exe (PID: 4280)
    • Reads the computer name

      • yuzu_install.exe (PID: 4524)
    • Checks supported languages

      • yuzu_install.exe (PID: 4524)
      • .tmpOoPBuj.exe (PID: 4280)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:01:03 22:31:55+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.34
CodeSize: 3153408
InitializedDataSize: 7658496
UninitializedDataSize: -
EntryPoint: 0x2f9000
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 0.2.0.0
ProductVersionNumber: 0.2.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
ProductName: yuzu installer
ProductVersion: 0.2.0
OriginalFileName: yuzu_installer.exe
FileDescription: Interactive installer for yuzu
FileVersion: 0.2.0
No data.
All screenshots are available in the full report
Total processes
130
Monitored processes
11
Malicious processes
3
Suspicious processes
0

Behavior graph

Monitored process chain as shown in the graph ("no specs" = no process details were recorded for that node):

start
  yuzu_install.exe
  .tmpoopbuj.exe
  microsoftedgeupdate.exe
  microsoftedgeupdate.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdate.exe
  microsoftedgeupdate.exe (no specs)
  microsoftedgeupdate.exe
  svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1020
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
1452
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{AD4B4298-0136-4624-B135-AA9034940BCE}"
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
2096
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.37\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
3980
CMD:
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID:
4160
CMD:
C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\MicrosoftEdgeUpdate.exe /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path:
C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\MicrosoftEdgeUpdate.exe
Parent process:
.tmpOoPBuj.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\temp\euce74.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
4280
CMD:
"C:\Users\admin\AppData\Local\Temp\.tmpOoPBuj.exe" /install
Path:
C:\Users\admin\AppData\Local\Temp\.tmpOoPBuj.exe
Parent process:
yuzu_install.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\temp\.tmpoopbuj.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
4524
CMD:
"C:\Users\admin\AppData\Local\Temp\yuzu_install.exe"
Path:
C:\Users\admin\AppData\Local\Temp\yuzu_install.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Interactive installer for yuzu
Version:
0.2.0
Modules
Images
c:\users\admin\appdata\local\temp\yuzu_install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
4708
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.37\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
5092
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7QUQ0QjQyOTgtMDEzNi00NjI0LUIxMzUtQUE5MDM0OTQwQkNFfSIgdXNlcmlkPSJ7MzcxOUFFNTktMjAwNS00NTNBLTk0RjUtQjVENEQ4NDQ1N0JBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQTkyQ0EzQS1CQkM0LTQ0MkYtQTRDRS02RTI5OUUwMEJCNER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjA4NjMxNTc2ODAiIGluc3RhbGxfdGltZV9tcz0iNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
6476
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.37\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
3 976
Read events
2 478
Write events
1 464
Delete events
34

Modification events

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.171.37

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value: Microsoft Edge Update

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.171.37

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateCore.exe"

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_c
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{B19C4E98-5C9E-4E0D-8665-61EF9DE1F050}

Process: (4160) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_ua
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{0F89FCCC-4999-44B2-BE19-A86B146C7A4E}

Process: (4708) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Both
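The /ping command line of PID 5092 carries a base64-encoded Omaha protocol request (the telemetry the Edge Update bootstrapper sends after an install), and the modification events above list what the same updater wrote to the registry. The following added example, which is not part of the ANY.RUN report or of any Microsoft tooling, decodes that argument and cross-checks it against the registry writes and the /handoff session id copied verbatim from this report, so an analyst can confirm that what the updater reported upstream is what it left on disk. The event semantics it uses (Omaha eventtype 2 = install complete, eventresult 1 = success) are taken from the Omaha protocol and are an assumption here, not something the report states.

```python
"""Decode a MicrosoftEdgeUpdate.exe /ping argument and cross-check it against the
registry writes and /handoff session id recorded in this sandbox report.

Added example for this report, not ANY.RUN or Microsoft code. The Omaha /ping
argument is the URL-safe base64 (padding stripped) of an Omaha protocol 3.0 XML
request. PING_ARG, HANDOFF_SESSIONID and REGISTRY_WRITES are copied from the
report; the eventtype/eventresult meanings are an assumption from the Omaha
protocol (2 = install complete, 1 = success)."""
import base64
import xml.etree.ElementTree as ET

# /ping payload exactly as it appears in the PID 5092 command line.
PING_ARG = (
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIg"
    "dXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMCIg"
    "c2Vzc2lvbmlkPSJ7QUQ0QjQyOTgtMDEzNi00NjI0LUIxMzUtQUE5MDM0OTQwQkNFfSIgdXNlcmlkPSJ7MzcxOUFFNTktMjAwNS00NTNBLTk0RjUtQjVENEQ4NDQ1N0JBfSIg"
    "aW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQTkyQ0EzQS1CQkM0LTQ0MkYtQTRDRS02RTI5OUUwMEJCNER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-"
    "PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-"
    "PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-"
    "PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjA4NjMxNTc2ODAiIGluc3RhbGxfdGltZV9tcz0iNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg"
)

# Session id from the PID 1452 /handoff command line in the report.
HANDOFF_SESSIONID = "{AD4B4298-0136-4624-B135-AA9034940BCE}"

# (key, value name, data) triples copied from the report's modification events (PID 4160 writes).
REGISTRY_WRITES = [
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate", "path",
     r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}",
     "pv", "1.3.171.37"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}",
     "name", "Microsoft Edge Update"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}",
     "pv", "1.3.171.37"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Microsoft Edge Update",
     r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateCore.exe"'),
]


def decode_omaha_ping(arg: str) -> dict:
    """Restore the stripped base64 padding, decode, and flatten the XML into dicts."""
    padded = arg + "=" * (-len(arg) % 4)
    root = ET.fromstring(base64.urlsafe_b64decode(padded))
    if root.tag != "request":
        raise ValueError(f"unexpected root element {root.tag!r}")

    def child_attrs(tag: str) -> dict:
        el = root.find(tag)
        return dict(el.attrib) if el is not None else {}

    apps = [
        {**app.attrib, "events": [dict(ev.attrib) for ev in app.findall("event")]}
        for app in root.findall("app")
    ]
    return {"request": dict(root.attrib), "hw": child_attrs("hw"), "os": child_attrs("os"), "apps": apps}


def cross_check(ping: dict, registry_writes, handoff_sessionid: str) -> dict:
    """Compare what the updater reported upstream with what it wrote locally."""
    req = ping["request"]
    # ismachine="0" is a per-user install, so the Clients key must be under HKCU, not HKLM.
    hive = "HKEY_LOCAL_MACHINE" if req.get("ismachine") == "1" else "HKEY_CURRENT_USER"
    writes = {(key.lower(), name.lower()): data for key, name, data in registry_writes}
    result = {
        "sessionid_matches_handoff": req.get("sessionid") == handoff_sessionid,
        "apps": {},
        # Anything written under ...\CurrentVersion\Run is a logon persistence entry worth listing.
        "run_key_persistence": [
            (name, data) for key, name, data in registry_writes
            if key.lower().endswith("\\currentversion\\run")
        ],
    }
    for app in ping["apps"]:
        client_key = f"{hive}\\SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{app['appid']}".lower()
        pv = writes.get((client_key, "pv"))
        result["apps"][app["appid"]] = {
            "registered_in_expected_hive": pv is not None,
            "version_matches_nextversion": pv is not None and pv == app.get("nextversion"),
            "install_reported_ok": any(
                ev.get("eventtype") == "2" and ev.get("eventresult") == "1" for ev in app["events"]
            ),
        }
    return result


if __name__ == "__main__":
    ping = decode_omaha_ping(PING_ARG)
    print(ping["request"]["updater"], ping["request"]["updaterversion"], ping["os"].get("version"))
    for appid, checks in cross_check(ping, REGISTRY_WRITES, HANDOFF_SESSIONID)["apps"].items():
        print(appid, checks)
```

On this report's data the decoded request is updater="Omaha", updaterversion 1.3.171.37, ismachine="0" (a per-user install, consistent with every write landing under HKEY_CURRENT_USER), one app with appid {F3C4FE00-EFD5-403B-9569-398A20F1BA4A} and nextversion 1.3.171.37, which matches the Clients\{F3C4FE00-...}\pv write; the session id equals the one passed on the /handoff command line. The same decoder applies to any MicrosoftEdgeUpdate.exe /ping argument found in process-creation telemetry, and a mismatch between ismachine and the hive, or between nextversion and pv, is the kind of inconsistency that separates a real Omaha bootstrapper from something merely named like one.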
Executable files
202
Suspicious files
1
Text files
3
Unknown types
1

Dropped files

PID | Process | Filename | Type

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\MicrosoftEdgeUpdateBroker.exe | executable
MD5: 6127B61528965206DBB6FB2840A030ED
SHA256: 7AD4C786E37AB22ACE72A613E99FB313A086B138F466E854DDA5A2FEFC1AF3C7

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\MicrosoftEdgeComRegisterShellARM64.exe | executable
MD5: F5123F139892BE31DEAB7D210A15EF4F
SHA256: 691436E3FAC197330B10D3EF9866BA9D1BD86E7F5EE731F138ADD7695120EFD3

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\psmachine.dll | executable
MD5: C08639CC6D20452019376FF85BBB4CBE
SHA256: 6969DB199E8BC68BFD39123D9A24A77CC511FD0BE436A3ADB22E6535B8763EC0

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\MicrosoftEdgeUpdateOnDemand.exe | executable
MD5: 5E5F896E841351BAD6C2254EAD7BB76A
SHA256: 011437F12B6AF1AED548D448E45C7692DEDC180D563EFC22AFFC374EBA377888

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable
MD5: 97DDFCC4DBF9925A7291502C51015E43
SHA256: C00FEC19989B322E7A17F73142A56E516C41666B781D598EFAD2F07EE66F4760

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\psmachine_64.dll | executable
MD5: 7A1F8F4164FC77237CA3C9E2CF76E304
SHA256: 703205743078DD8CAB2E3C6CB7F613459ED4E3B74FB7141F07C7DC9DFE817EFD

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\psuser.dll | executable
MD5: F879368FDE4965C1FEA00A0DF1F481A7
SHA256: 61758B419713608CBDDD218DECD317CD655CCB90B04622C9D09B699EFBB2A417

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\psmachine_arm64.dll | executable
MD5: 219CF6E720643CD3A5F59A9D87FAF8D7
SHA256: 0736A1E966BC5D104747D4636215B8954229BED9742DC1F0FC60D76621102AE8

4524 | yuzu_install.exe | C:\Users\admin\AppData\Local\Temp\.tmpOoPBuj.exe | executable
MD5: BEF60694A28373CD20F5DEBF8C938AA1
SHA256: 0CDD5825454130A82FDD7F4EA9F406524B886A6A550BE49E39B4D9BB2890D83D

4280 | .tmpOoPBuj.exe | C:\Users\admin\AppData\Local\Temp\EUCE74.tmp\psuser_64.dll | executable
MD5: E0DFD3E4929C43E7F12C339D69749FC3
SHA256: 49834B47339C8313742CF24224629FC7C46B61BF2DCE106FFA09234133CBBD76
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
27
DNS requests
15
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2120
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3980
svchost.exe
HEAD
200
23.50.131.27:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e9dcc3d7-d24a-407d-8f74-75c3d7fd8cfe?P1=1727555513&P2=404&P3=2&P4=fvkpC8ZV9TN2our8Gf%2f0Y924TMopLP2Z%2fUps4%2fleJCXF3PbYQBR7RB1f3h8ikhLtpq%2fMamZF6yxTgV7feJc9XA%3d%3d
unknown
whitelisted
2928
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3980
svchost.exe
GET
23.50.131.27:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e9dcc3d7-d24a-407d-8f74-75c3d7fd8cfe?P1=1727555513&P2=404&P3=2&P4=fvkpC8ZV9TN2our8Gf%2f0Y924TMopLP2Z%2fUps4%2fleJCXF3PbYQBR7RB1f3h8ikhLtpq%2fMamZF6yxTgV7feJc9XA%3d%3d
unknown
whitelisted
448
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
448
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
6440
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1932
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.189.173.28:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
92.123.104.62:443
Akamai International B.V.
DE
unknown
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
2928
svchost.exe
20.190.160.17:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2928
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
google.com
  • 142.250.185.238
whitelisted
login.live.com
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.72
  • 40.126.32.74
  • 40.126.32.136
  • 20.190.160.20
  • 40.126.32.138
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
msedge.api.cdp.microsoft.com
  • 4.245.161.190
whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com
  • 23.50.131.27
  • 23.50.131.24
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted

Threats

PID
Process
Class
Message
3980
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info