download:

/download/nx01wwjb2s5pk77/D-S+V.15.1.7.rar

Full analysis: https://app.any.run/tasks/63cd15bf-999f-4387-898d-1666ed1eaceb
Verdict: Malicious activity
Analysis date: January 25, 2025, 21:49:41
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines (53194)
MD5:

98833410599A1DC65CE94327F7D83632

SHA1:

7A9C58F853A100ECF2694919E995CA88D777A552

SHA256:

9FE269DE6B21A7A3FCE39198C7D4FDA6E20FB0D004BB4C26357C3F3C3308A180

SSDEEP:

3072:+iFgAkHnjPoLca0iaW+LN7DxRLlzglKbVfdk:LgAkHnjPoQa0iCN7jBbVfdk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • PreInstall.exe (PID: 7604)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • digPF15_1_7.exe (PID: 6224)

    • Creates a software uninstall entry

      • PF-15.1.7_x86.exe (PID: 2744)
      • PreInstall.exe (PID: 7604)

    • Executable content was dropped or overwritten

      • PF-15.1.7_x86.exe (PID: 2744)
      • setupPF.exe (PID: 7692)

    • The process creates files with name similar to system file names

      • PF-15.1.7_x86.exe (PID: 2744)
      • setupPF.exe (PID: 7692)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • PF-15.1.7_x86.exe (PID: 2744)
      • setupPF.exe (PID: 7692)

    • There is functionality for taking screenshot (YARA)

      • PF-15.1.7_x86.exe (PID: 2744)
      • setupPF.exe (PID: 7692)
      • PreInstall.exe (PID: 7604)

  • INFO

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 3992)

    • Application launched itself

      • firefox.exe (PID: 6480)
      • firefox.exe (PID: 6500)

    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 3992)

    • Reads the computer name

      • digPF15_1_7.exe (PID: 6224)
      • PreInstall.exe (PID: 7604)
      • setupPF.exe (PID: 7692)

    • Checks supported languages

      • digPF15_1_7.exe (PID: 6224)
      • PreInstall.exe (PID: 7604)
      • PF-15.1.7_x86.exe (PID: 2744)
      • setupPF.exe (PID: 7692)

    • Manual execution by a user

      • WinRAR.exe (PID: 7044)
      • PF-15.1.7_x86.exe (PID: 5556)
      • digPF15_1_7.exe (PID: 6224)
      • PF-15.1.7_x86.exe (PID: 2744)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7044)
      • firefox.exe (PID: 6500)

    • UPX packer has been detected

      • digPF15_1_7.exe (PID: 6224)

    • The sample compiled with english language support

      • PF-15.1.7_x86.exe (PID: 2744)

    • Create files in a temporary directory

      • PreInstall.exe (PID: 7604)
      • PF-15.1.7_x86.exe (PID: 2744)
      • setupPF.exe (PID: 7692)

    • The sample compiled with german language support

      • PF-15.1.7_x86.exe (PID: 2744)

    • Creates files in the program directory

      • setupPF.exe (PID: 7692)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.aiml | Artificial Intelligence Markup Language (82.8)
.html | HyperText Markup Language (17.1)

EXIF

HTML

HTTPEquivXUaCompatible: ie=edge
Viewport: width=device-width, initial-scale=1, shrink-to-fit=no
Title: D-S V.15.1.7
Keywords: online storage, free storage, cloud Storage, collaboration, backup file Sharing, share Files, photo backup, photo sharing, ftp replacement, cross platform, remote access, mobile access, send large files, recover files, file versioning, undelete, Windows, PC, Mac, OS X, Linux, iPhone, iPad, Android
Description: MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
Robots: noindex,nofollow
GoogleBot: noindex,nofollow
Slurp: noindex,nofollow
GoogleTranslateCustomization: 5587c1b0a958bf07-62a8e309de686e87-gc92f61279a2c8524-11
TwitterCard: summary_large_image
TwitterSite: @MediaFire
TwitterUrl: https://www.mediafire.com/file/nx01wwjb2s5pk77/D-S_V.15.1.7.rar/file
TwitterTitle: D-S V.15.1.7
TwitterImage: https://static.mediafire.com/images/filetype/download/zip.jpg
TwitterDescription: -
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
151
Monitored processes
24
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start openwith.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs svchost.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs winrar.exe rundll32.exe no specs digpf15_1_7.exe no specs pf-15.1.7_x86.exe no specs pf-15.1.7_x86.exe preinstall.exe setuppf.exe

Process information

PID
CMD
Path
Indicators
Parent process
2192C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2744"C:\Users\admin\Desktop\D-S V.15.1.7\PF-15.1.7_x86.exe" C:\Users\admin\Desktop\D-S V.15.1.7\PF-15.1.7_x86.exe
explorer.exe
User:
admin
Company:
DIgSILENT GmbH
Integrity Level:
HIGH
Description:
PowerFactory SelfExtracting Installer
Version:
PowerFactory 15.1.7
Modules
Images
c:\users\admin\desktop\d-s v.15.1.7\pf-15.1.7_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
3992"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\D-S+V.15.1.7.rar.aimlC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4308"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -childID 3 -isForBrowser -prefsHandle 4428 -prefMapHandle 4936 -prefsLen 38229 -prefMapSize 244583 -jsInitHandle 1500 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64e33487-33e7-40c4-a2c4-ed0482b6924f} 6500 "\\.\pipe\gecko-crash-server-pipe.6500" 2c4e1346150 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
4400"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 2 -isForBrowser -prefsHandle 4244 -prefMapHandle 4428 -prefsLen 36588 -prefMapSize 244583 -jsInitHandle 1500 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {202f82fb-1823-47d2-895a-987cae47acaf} 6500 "\\.\pipe\gecko-crash-server-pipe.6500" 2c4de1924d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp140.dll
5192"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5776 -childID 7 -isForBrowser -prefsHandle 5912 -prefMapHandle 5908 -prefsLen 31324 -prefMapSize 244583 -jsInitHandle 1500 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0b6f687-2d33-4832-95e8-dd8ac1103711} 6500 "\\.\pipe\gecko-crash-server-pipe.6500" 2c4dffbb150 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\msvcp140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll
5464"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 5 -isForBrowser -prefsHandle 5288 -prefMapHandle 5368 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1500 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b26a659-9859-4d7e-b482-b9cc659e4312} 6500 "\\.\pipe\gecko-crash-server-pipe.6500" 2c4e10d5d90 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
5556"C:\Users\admin\Desktop\D-S V.15.1.7\PF-15.1.7_x86.exe" C:\Users\admin\Desktop\D-S V.15.1.7\PF-15.1.7_x86.exeexplorer.exe
User:
admin
Company:
DIgSILENT GmbH
Integrity Level:
MEDIUM
Description:
PowerFactory SelfExtracting Installer
Exit code:
3221226540
Version:
PowerFactory 15.1.7
Modules
Images
c:\users\admin\desktop\d-s v.15.1.7\pf-15.1.7_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
6200"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5168 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1500 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be5b968-199d-4c40-a302-4c517438d7f2} 6500 "\\.\pipe\gecko-crash-server-pipe.6500" 2c4e10d5bd0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
6224"C:\Users\admin\Desktop\D-S V.15.1.7\digPF15_1_7.exe" C:\Users\admin\Desktop\D-S V.15.1.7\digPF15_1_7.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\d-s v.15.1.7\digpf15_1_7.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
23 444
Read events
23 365
Write events
77
Delete events
2

Modification events

(PID) Process:(6500) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Downloads\D-S V.15.1.7.rar
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(7044) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation:writeName:name
Value:
256
Executable files
37
Suspicious files
237
Text files
1 183
Unknown types
2

Dropped files

PID
Process
Filename
Type
6500firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
6500firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-child-current.binbinary
MD5:C95DDC2B1A525D1A243E4C294DA2F326
SHA256:3A5919E086BFB31E36110CF636D2D5109EB51F2C410B107F126126AB25D67363
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\protections.sqlite-journalbinary
MD5:EE3E9B69C4A2001E4EA4C6A413D85E45
SHA256:1CC6E83D47C9F851CA408372E56AA43AC480B326D380713AD4A062F2AEE50BE5
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\places.sqlite-walbinary
MD5:A086AEA3886F5C679A314289999C0A19
SHA256:1BA506B9EB346843D0DEA1D7A5E07F118B84E05BA51D00C16F02DF7E62D060F5
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.binbinary
MD5:74EDD69D6CE710A6F0763A526EDB9037
SHA256:3B7F92272E9BA15F9C2E6EBE287CAAA858E9CD77759974C3002A3F7B5CA5F14C
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.binbinary
MD5:C78F36BF78A74A5C37232FA18305FA6E
SHA256:319C730AC6614FDCE611894E281CBE1B5E1A304DCD812D6B642D3BE978E82EEC
6500firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
42
TCP/UDP connections
139
DNS requests
196
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.48.23.160:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6500
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
6500
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
6500
firefox.exe
POST
200
184.24.77.53:80
http://r11.o.lencr.org/
unknown
whitelisted
6500
firefox.exe
POST
200
184.24.77.54:80
http://r10.o.lencr.org/
unknown
whitelisted
6500
firefox.exe
POST
200
184.24.77.53:80
http://r11.o.lencr.org/
unknown
whitelisted
6500
firefox.exe
POST
200
142.250.185.99:80
http://o.pki.goog/s/wr3/jLM
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1016
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4712
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5064
SearchApp.exe
104.126.37.160:443
www.bing.com
Akamai International B.V.
DE
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
23.48.23.160:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
1016
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
104.126.37.136:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
20.190.159.68:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
whitelisted
www.bing.com
  • 104.126.37.160
  • 104.126.37.136
  • 104.126.37.147
  • 104.126.37.129
  • 104.126.37.139
  • 104.126.37.145
  • 104.126.37.163
  • 104.126.37.130
  • 104.126.37.155
whitelisted
google.com
  • 142.250.184.206
whitelisted
crl.microsoft.com
  • 23.48.23.160
  • 23.48.23.175
  • 23.48.23.156
  • 23.48.23.169
  • 23.48.23.173
  • 23.48.23.162
  • 23.48.23.145
  • 23.48.23.143
  • 23.48.23.171
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
login.live.com
  • 20.190.159.68
  • 40.126.31.69
  • 40.126.31.71
  • 20.190.159.75
  • 20.190.159.73
  • 20.190.159.71
  • 20.190.159.64
  • 40.126.31.67
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 23.215.0.132
  • 96.7.128.186
  • 96.7.128.192
  • 23.215.0.133
whitelisted

Threats

PID
Process
Class
Message
2192
svchost.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2192
svchost.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
2192
svchost.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
2192
svchost.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2192
svchost.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2192
svchost.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
2192
svchost.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
Process
Message
PreInstall.exe
LoadString Hover for Dlg
PreInstall.exe
Reset Hover for Dlg
PreInstall.exe
LoadString Hover for Dlg
PreInstall.exe
Reset Hover for Dlg
PreInstall.exe
CButtonST::OnDrawBorder:m_bMouseOnButton && m_iDrawBorder & 2 && m_bIsFlat ==TRUE
PreInstall.exe
LoadString Hover for Dlg
PreInstall.exe
CPFButtonST::CancelHover
PreInstall.exe
CButtonST::OnMouseLeave
PreInstall.exe
CButtonST::CancelHover
PreInstall.exe
Reset Hover for Dlg
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
/download/nx01wwjb2s5pk77/D-S+V.15.1.7.rar