URL:

https://meshcentral.com/downloads.html

Full analysis: https://app.any.run/tasks/0a328a24-0a81-4f08-af04-3edf56e1f61f
Verdict: Malicious activity (ANY.RUN's automated verdict, derived from the signatures listed below; the sample is MeshCentralInstaller.exe fetched from the project's own download page, for which npm install, service creation and NET START are expected installer steps, so verify before treating the verdict as a finding)
Analysis date: December 08, 2024, 11:10:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
qrcode
arch-scr
arch-doc
arch-html
arch-exec
Indicators:
MD5:

910CAAADF924B9EE6930067D86C4AABF

SHA1:

7F8CD4B1CAFAE3CDB1CEC0D31A6FA190C285298A

SHA256:

A27AD4AA1CC65F33C6112D2155BB68C8762A53EC6A821621E7A095EA11065EF6

SSDEEP:

3:N86GIkxKXLQ:26GIfs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts NET.EXE for service management

      • net.exe (PID: 1540)
      • wscript.exe (PID: 7276)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • MeshCentralInstaller.exe (PID: 8152)
      • msiexec.exe (PID: 6396)
      • msiexec.exe (PID: 7768)
    • Reads Internet Explorer settings

      • MeshCentralInstaller.exe (PID: 8152)
    • Reads the date of Windows installation

      • MeshCentralInstaller.exe (PID: 8152)
    • Starts CMD.EXE for commands execution

      • MeshCentralInstaller.exe (PID: 8152)
      • cmd.exe (PID: 2904)
      • cmd.exe (PID: 2124)
      • node.exe (PID: 6116)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 2224)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 2224)
    • Executes script using NodeJS

      • node.exe (PID: 7760)
      • node.exe (PID: 5920)
      • node.exe (PID: 7420)
      • node.exe (PID: 6116)
      • node.exe (PID: 3796)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • wevtutil.exe (PID: 1348)
      • msiexec.exe (PID: 7768)
    • Application launched itself

      • cmd.exe (PID: 2904)
      • cmd.exe (PID: 2124)
    • Executing commands from ".cmd" file

      • MeshCentralInstaller.exe (PID: 8152)
      • node.exe (PID: 6116)
    • Executable content was dropped or overwritten

      • node.exe (PID: 5920)
      • node.exe (PID: 6116)
    • The process creates files with name similar to system file names

      • node.exe (PID: 5920)
    • Starts NET.EXE to display or manage information about active sessions

      • cmd.exe (PID: 5472)
      • net.exe (PID: 7404)
      • cmd.exe (PID: 7856)
      • net.exe (PID: 4824)
    • Runs WScript without displaying logo

      • wscript.exe (PID: 6924)
      • wscript.exe (PID: 7276)
    • The process executes VB scripts

      • cmd.exe (PID: 3172)
      • cmd.exe (PID: 7912)
    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 6924)
      • wscript.exe (PID: 7276)
    • Creates or modifies Windows services

      • meshcentral.exe (PID: 7844)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 8032)
      • MeshCentralInstaller.exe (PID: 8152)
      • msiexec.exe (PID: 2224)
      • msiexec.exe (PID: 6396)
      • msiexec.exe (PID: 6416)
      • msiexec.exe (PID: 7768)
      • node.exe (PID: 7760)
      • node.exe (PID: 5920)
      • node.exe (PID: 7420)
      • node.exe (PID: 3796)
      • node.exe (PID: 6116)
      • meshcentral.exe (PID: 7844)
    • Reads Environment values

      • identity_helper.exe (PID: 8032)
      • MeshCentralInstaller.exe (PID: 8152)
      • node.exe (PID: 7760)
      • node.exe (PID: 7420)
      • node.exe (PID: 5920)
      • node.exe (PID: 6116)
      • node.exe (PID: 3796)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6832)
      • msedge.exe (PID: 6476)
      • msiexec.exe (PID: 2224)
      • msedge.exe (PID: 2084)
    • Reads the computer name

      • identity_helper.exe (PID: 8032)
      • MeshCentralInstaller.exe (PID: 8152)
      • msiexec.exe (PID: 6416)
      • msiexec.exe (PID: 6396)
      • msiexec.exe (PID: 2224)
      • node.exe (PID: 7760)
      • msiexec.exe (PID: 7768)
      • node.exe (PID: 7420)
      • node.exe (PID: 5920)
      • node.exe (PID: 3796)
      • meshcentral.exe (PID: 7844)
    • The process uses the downloaded file

      • msedge.exe (PID: 5788)
      • msedge.exe (PID: 6476)
      • MeshCentralInstaller.exe (PID: 8152)
      • cmd.exe (PID: 7740)
      • wscript.exe (PID: 6924)
      • wscript.exe (PID: 7276)
    • Reads the machine GUID from the registry

      • MeshCentralInstaller.exe (PID: 8152)
      • msiexec.exe (PID: 2224)
      • meshcentral.exe (PID: 7844)
    • Application launched itself

      • msedge.exe (PID: 6476)
      • msiexec.exe (PID: 2224)
    • Create files in a temporary directory

      • MeshCentralInstaller.exe (PID: 8152)
    • Disables trace logs

      • MeshCentralInstaller.exe (PID: 8152)
    • Checks proxy server information

      • MeshCentralInstaller.exe (PID: 8152)
    • Reads the software policy settings

      • MeshCentralInstaller.exe (PID: 8152)
      • msiexec.exe (PID: 2224)
    • Process checks computer location settings

      • MeshCentralInstaller.exe (PID: 8152)
      • node.exe (PID: 3796)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 2224)
      • node.exe (PID: 7760)
      • node.exe (PID: 5920)
      • node.exe (PID: 7420)
      • node.exe (PID: 3796)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2224)
    • Creates files in the program directory

      • MeshCentralInstaller.exe (PID: 8152)
      • node.exe (PID: 5920)
      • node.exe (PID: 3796)
      • node.exe (PID: 6116)
    • Reads product name

      • node.exe (PID: 7760)
      • node.exe (PID: 7420)
      • node.exe (PID: 5920)
      • node.exe (PID: 3796)
      • node.exe (PID: 6116)
    • Drops encrypted VBS script (Microsoft Script Encoder)

      • node.exe (PID: 7760)
      • node.exe (PID: 5920)
      • node.exe (PID: 3796)
      • node.exe (PID: 7420)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • node.exe (PID: 7760)
      • node.exe (PID: 5920)
      • node.exe (PID: 7420)
      • node.exe (PID: 3796)
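The signature list above is the sandbox's view of the launch chain. When triaging the same sample from endpoint telemetry you would encode the flagged parent/child pairs (net.exe START under wscript.exe, wevtutil im under msiexec.exe, npm install launched by the installer rather than by a shell) as rules over process-creation records. The following is an added example by the editor, not ANY.RUN's or MeshCentral's code: it runs three such rules over records constructed from the Process information section of this report. Parent PIDs, and the command lines of PIDs 7276 (wscript.exe) and 7768 (msiexec.exe), are not listed on the page and are placeholders.

```python
"""Process-chain rules for the launch sequence in this ANY.RUN report.

Editor's added example, not ANY.RUN or MeshCentral code. SAMPLE is constructed
from the report's "Process information" entries; parent PIDs and the command
lines of PIDs 7276 and 7768 are placeholders (not on the page).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    ppid: int            # assumed where the report shows only the parent image
    parent_image: str


SAMPLE = [
    # 8152 is the elevated installer; 2212 (the medium-integrity first launch) is an assumed link.
    Proc(8152, "MeshCentralInstaller.exe", r'"C:\Users\admin\Downloads\MeshCentralInstaller.exe"',
         2212, "MeshCentralInstaller.exe"),
    Proc(2124, "cmd.exe",
         r'C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\nodejs\npm.cmd" install '
         r'--no-package-lock --no-optional --save node-windows@0.1.14 loadavg-windows@1.1.1"',
         8152, "MeshCentralInstaller.exe"),
    Proc(420, "cmd.exe",
         r'C:\WINDOWS\system32\cmd.exe /c CALL "C:\Program Files\nodejs\\node.exe" '
         r'"C:\Program Files\nodejs\\node_modules\npm\bin\npm-cli.js" prefix -g',
         2124, "cmd.exe"),
    Proc(7768, "msiexec.exe", "msiexec.exe <arguments not listed>", 2224, "msiexec.exe"),  # placeholder
    Proc(1348, "wevtutil.exe", r'"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"',
         7768, "msiexec.exe"),
    Proc(7276, "wscript.exe", "wscript.exe //nologo <script not listed>", 7912, "cmd.exe"),  # placeholder
    Proc(1540, "net.exe", r'"C:\Windows\System32\net.exe" START "meshcentral.exe"', 7276, "wscript.exe"),
    Proc(1400, "net1.exe", r'C:\WINDOWS\system32\net1 START "meshcentral.exe"', 1540, "net.exe"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SERVICE_VERBS = {"start", "stop", "pause", "continue"}
INTERACTIVE_SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe"}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def argv(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def ancestry(procs, pid):
    """Image chain from the highest known ancestor down to pid (cycle-safe)."""
    by_pid = {p.pid: p for p in procs}
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur.image)
        cur = by_pid.get(cur.ppid)
    return chain[::-1]


def rule_net_service_from_script_host(p):
    """net.exe START/STOP/PAUSE/CONTINUE whose direct parent is a script host."""
    if p.image.lower() != "net.exe":
        return None
    args = argv(p.cmdline)
    if len(args) < 2 or args[1].lower() not in SERVICE_VERBS:
        return None
    if p.parent_image.lower() in SCRIPT_HOSTS:
        return f"net.exe {args[1].upper()} launched by script host {p.parent_image}"
    return None


def rule_wevtutil_manifest_install(p):
    """wevtutil im <manifest>.man registers a new ETW provider/channel."""
    if p.image.lower() != "wevtutil.exe":
        return None
    args = argv(p.cmdline)
    if len(args) >= 3 and args[1].lower() in {"im", "install-manifest"} and args[2].lower().endswith(".man"):
        return f"ETW manifest registered: {args[2]}"
    return None


def rule_npm_install_outside_shell(p):
    """npm install run by something other than an interactive shell (package fetch at install time)."""
    m = re.search(r'\bnpm(?:\.cmd)?"?\s+install\b', p.cmdline, re.IGNORECASE)
    if m and p.parent_image.lower() not in INTERACTIVE_SHELLS:
        return f"npm install launched by {p.parent_image}: {p.cmdline[m.start():m.start() + 60]}"
    return None


RULES = (rule_net_service_from_script_host, rule_wevtutil_manifest_install, rule_npm_install_outside_shell)


def evaluate(procs):
    """Run every rule over every record; one hit dict per (process, rule) match."""
    hits = []
    for p in procs:
        for rule in RULES:
            detail = rule(p)
            if detail:
                hits.append({"pid": p.pid, "rule": rule.__name__,
                             "chain": " > ".join(ancestry(procs, p.pid)), "detail": detail})
    return hits


if __name__ == "__main__":
    for h in evaluate(SAMPLE):
        print(f"[{h['rule']}] pid={h['pid']} chain={h['chain']}\n    {h['detail']}")
```

On this sample the three hits are PID 1540 (wscript.exe > net.exe), PID 1348 (msiexec.exe > wevtutil.exe) and PID 2124 (MeshCentralInstaller.exe > cmd.exe); net1.exe is deliberately not matched because it is net.exe's own helper, and the second cmd.exe (PID 420, npm prefix -g) does not trip the npm rule because it is not an install. Feeding real Sysmon Event ID 1 or EDR process events into `Proc` is the only change needed to use the same rules on live data.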
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
222
Monitored processes
89
Malicious processes
4
Suspicious processes
7

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs meshcentralinstaller.exe no specs meshcentralinstaller.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs msiexec.exe no specs msiexec.exe msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs node.exe no specs node.exe msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs node.exe no specs node.exe msedge.exe node.exe conhost.exe no specs cmd.exe no specs net.exe no specs net1.exe no specs cmd.exe no specs wscript.exe no specs meshcentral.exe no specs conhost.exe no specs msedge.exe no specs cmd.exe no specs net.exe no specs net1.exe no specs cmd.exe no specs wscript.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID: 420
CMD: C:\WINDOWS\system32\cmd.exe /c CALL "C:\Program Files\nodejs\\node.exe" "C:\Program Files\nodejs\\node_modules\npm\bin\npm-cli.js" prefix -g
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 876
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6524 --field-trial-handle=2324,i,584853141892100706,5944349022783765898,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1216
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: wevtutil.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1348
CMD: "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
Path: C:\Windows\SysWOW64\wevtutil.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Eventing Command Line Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcp_win.dll
c:\windows\syswow64\ucrtbase.dll
PID: 1400
CMD: C:\WINDOWS\system32\net1 START "meshcentral.exe"
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2 (non-zero: this NET START attempt did not succeed)
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\samcli.dll
c:\windows\system32\dsrole.dll
PID: 1540
CMD: "C:\Windows\System32\net.exe" START "meshcentral.exe"
Path: C:\Windows\System32\net.exe
Parent process: wscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2 (non-zero: this NET START attempt did not succeed)
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\mpr.dll
PID: 1988
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7900 --field-trial-handle=2324,i,584853141892100706,5944349022783765898,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2084
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7908 --field-trial-handle=2324,i,584853141892100706,5944349022783765898,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2124
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\nodejs\npm.cmd" install --no-package-lock --no-optional --save node-windows@0.1.14 loadavg-windows@1.1.1"
Path: C:\Windows\System32\cmd.exe
Parent process: MeshCentralInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID: 2212
CMD: "C:\Users\admin\Downloads\MeshCentralInstaller.exe"
Path: C:\Users\admin\Downloads\MeshCentralInstaller.exe
Parent process: msedge.exe
User:
admin
Company:
Open Source
Integrity Level:
MEDIUM
Description:
MeshCentral Server Installer
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity instance exited so the installer could relaunch elevated; the later MeshCentralInstaller.exe instance, PID 8152, spawns its children at HIGH integrity)
Version:
2.11.8998.25524
Modules
Images
c:\users\admin\downloads\meshcentralinstaller.exe
c:\windows\system32\ntdll.dll
Total events
20 011
Read events
17 231
Write events
2 772
Delete events
8

Modification events

(PID 6476) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID 6476) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID 6476) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID 6476) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID 6476) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: B199D09356872F00

(PID 6476) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 57C0DD9356872F00

(PID 6476) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328370
Operation: write
Name: WindowTabManagerFileMappingId
Value: {F5DD6957-78FC-486E-9203-249BAB5BA85B}

(PID 6476) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328370
Operation: write
Name: WindowTabManagerFileMappingId
Value: {CCD3F416-A742-451B-902F-8FAD323A1938}

(PID 6476) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 6F0F1D9456872F00

(PID 6476) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles
Operation: write
Name: EnhancedLinkOpeningDefault
Value: Default
Executable files
49
Suspicious files
2 817
Text files
1 235
Unknown types
4

Dropped files

PID | Process | Filename
(Type, MD5 and SHA256 are empty for these entries in the extracted report.)
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1353ff.TMP
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1353ff.TMP
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1353ff.TMP
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1353ff.TMP
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF13542e.TMP
6476 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
53
TCP/UDP connections
94
DNS requests
75
Threats
0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN/Type | Reputation
(The Size column is empty in the extracted report.)
1488 | svchost.exe | GET | 200 | 2.19.217.218:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
1488 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2224 | msiexec.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D | unknown | whitelisted
7080 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
7244 | SIHClient.exe | GET | 200 | 2.19.217.218:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7244 | SIHClient.exe | GET | 200 | 2.19.217.218:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
5548 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1733958367&P2=404&P3=2&P4=l%2bsVKheRicakDIzZ7WH6WBrmuPcPerbZZ3VB1C8TbWzSXYZb1ORqDRbRxrq7FyHoU23%2biN1fPlureb8SV1U0yw%3d%3d | unknown | whitelisted
2224 | msiexec.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAOO2y%2FG5AVzGnYPFRYUTIU%3D | unknown | whitelisted
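Every ocsp.digicert.com entry above is a revocation check: an OCSP GET request carries the whole DER-encoded OCSPRequest, base64- and then URL-encoded, as the path (RFC 6960, appendix A), so the issuer hashes and the certificate serial being checked can be recovered offline from the report alone. Two of the checks come from msiexec.exe (PID 2224) during the install, which is the pattern of Authenticode validation of a signed package. The following is an added example by the editor, not ANY.RUN's code: it decodes the five OCSP rows copied from the table and groups them by issuer key hash. The DER walker is written for the single-request, no-extensions shape these URLs share (five nested SEQUENCEs down to CertID) and is not a general ASN.1 parser.

```python
"""Decode the OCSP GET requests listed in this report's HTTP table.

Editor's added example, not ANY.RUN code. OCSP_ROWS is copied from the report;
parse_ocsp_get handles only the single-request OCSPRequest shape seen here:
OCSPRequest > TBSRequest > requestList > Request > CertID.
"""
import base64
import binascii
from collections import defaultdict
from urllib.parse import unquote, urlsplit

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

# (PID, process, URL) rows copied from the HTTP requests table above.
OCSP_ROWS = [
    (5064, "SearchApp.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D"),
    (1176, "svchost.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    (2224, "msiexec.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"),
    (7080, "backgroundTaskHost.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D"),
    (2224, "msiexec.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAOO2y%2FG5AVzGnYPFRYUTIU%3D"),
]


def _tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _oid(raw):
    """Decode a DER OBJECT IDENTIFIER value into dotted form."""
    parts, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))


def _seq(buf):
    tag, val, _ = _tlv(buf)
    if tag != 0x30:
        raise ValueError(f"expected SEQUENCE, got tag 0x{tag:02x}")
    return val


def parse_ocsp_get(url):
    """Return the CertID fields of a single-request OCSP GET URL."""
    der = base64.b64decode(unquote(urlsplit(url).path.lstrip("/")))
    node = der
    for _ in range(4):          # OCSPRequest > TBSRequest > requestList > Request
        node = _seq(node)
    cert_id = _seq(node)
    _, alg_id, pos = _tlv(cert_id)
    _, oid_raw, _ = _tlv(alg_id)
    tag_n, name_hash, pos = _tlv(cert_id, pos)
    tag_k, key_hash, pos = _tlv(cert_id, pos)
    tag_s, serial, _ = _tlv(cert_id, pos)
    if (tag_n, tag_k, tag_s) != (0x04, 0x04, 0x02):
        raise ValueError("unexpected CertID layout")
    oid = _oid(oid_raw)
    return {"responder": urlsplit(url).netloc, "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex(),
            "serial": serial.hex()}


def checks_by_issuer(rows):
    """Group rows by issuer key hash -> {(serial, pid, process)}; undecodable URLs go under '<unparsed>'."""
    groups = defaultdict(set)
    for pid, proc, url in rows:
        try:
            info = parse_ocsp_get(url)
        except (ValueError, IndexError, binascii.Error):
            groups["<unparsed>"].add((url, pid, proc))
            continue
        groups[info["issuer_key_hash"]].add((info["serial"], pid, proc))
    return dict(groups)


if __name__ == "__main__":
    for issuer, checks in checks_by_issuer(OCSP_ROWS).items():
        print(f"issuer keyHash {issuer}:")
        for serial, pid, proc in sorted(checks):
            print(f"    serial {serial}  by {proc} (PID {pid})")
```

Matching the recovered issuer key hash against the DigiCert intermediate whose subject key identifier it equals, and the serial against the certificate on the installed files, turns the "whitelisted" OCSP traffic into a statement about which signed component each process validated; the same walker applies to any OCSP GET seen in proxy logs.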

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 23.212.110.179:443 | www.bing.com | Akamai International B.V. | CZ | whitelisted
(PID/process not extracted) | | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1488 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1488 | svchost.exe | 2.19.217.218:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6832 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6476 | msedge.exe | 239.255.255.250:1900 | | | | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
  • 23.212.110.179
  • 23.212.110.187
  • 23.212.110.211
  • 23.212.110.200
  • 23.212.110.184
  • 23.212.110.185
  • 23.212.110.208
  • 23.212.110.203
  • 23.212.110.202
  • 2.23.209.140
  • 2.23.209.148
  • 2.23.209.187
  • 2.23.209.176
  • 2.23.209.179
  • 2.23.209.189
  • 2.23.209.130
  • 2.23.209.185
  • 2.23.209.177
  • 2.23.209.149
  • 2.23.209.182
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 2.19.217.218
whitelisted
google.com
  • 172.217.16.206
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
meshcentral.com
  • 185.199.110.153
  • 185.199.109.153
  • 185.199.108.153
  • 185.199.111.153
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

No threats detected
No debug info