File name:

geometry dash auto speedhack.exe

Full analysis: https://app.any.run/tasks/fe16a7a1-6727-4b04-b39b-b968f7d0c31d
Verdict: Malicious activity
Analysis date: July 18, 2025, 12:10:49
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
memz
mbr
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

19DBEC50735B5F2A72D4199C4E184960

SHA1:

6FED7732F7CB6F59743795B2AB154A3676F4C822

SHA256:

A3D5715A81F2FBEB5F76C88C9C21EEEE87142909716472F911FF6950C790C24D

SSDEEP:

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3rC:sMVSaSEglcIqq3agmLc+6gyWqFCje

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • MEMZ has been detected (YARA)

      • geometry dash auto speedhack.exe (PID: 7116)
      • geometry dash auto speedhack.exe (PID: 6160)
      • geometry dash auto speedhack.exe (PID: 2492)
      • geometry dash auto speedhack.exe (PID: 4380)
      • geometry dash auto speedhack.exe (PID: 1160)
      • geometry dash auto speedhack.exe (PID: 4100)
      • geometry dash auto speedhack.exe (PID: 1328)

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • geometry dash auto speedhack.exe (PID: 7116)
      • geometry dash auto speedhack.exe (PID: 6160)
      • geometry dash auto speedhack.exe (PID: 2492)
      • geometry dash auto speedhack.exe (PID: 4380)
      • geometry dash auto speedhack.exe (PID: 4100)
      • geometry dash auto speedhack.exe (PID: 1160)
      • geometry dash auto speedhack.exe (PID: 1328)

    • Reads security settings of Internet Explorer

      • geometry dash auto speedhack.exe (PID: 7116)
      • geometry dash auto speedhack.exe (PID: 1160)

    • Application launched itself

      • geometry dash auto speedhack.exe (PID: 7116)

    • Creates file in the systems drive root

      • geometry dash auto speedhack.exe (PID: 1160)
      • notepad.exe (PID: 6304)

    • Start notepad (likely ransomware note)

      • geometry dash auto speedhack.exe (PID: 1160)

  • INFO

    • Checks supported languages

      • geometry dash auto speedhack.exe (PID: 7116)
      • geometry dash auto speedhack.exe (PID: 6160)
      • geometry dash auto speedhack.exe (PID: 4380)
      • geometry dash auto speedhack.exe (PID: 2492)
      • geometry dash auto speedhack.exe (PID: 4100)
      • geometry dash auto speedhack.exe (PID: 1328)
      • geometry dash auto speedhack.exe (PID: 1160)

    • Reads the computer name

      • geometry dash auto speedhack.exe (PID: 7116)
      • geometry dash auto speedhack.exe (PID: 1160)
      • geometry dash auto speedhack.exe (PID: 6160)
      • geometry dash auto speedhack.exe (PID: 4380)
      • geometry dash auto speedhack.exe (PID: 1328)
      • geometry dash auto speedhack.exe (PID: 4100)
      • geometry dash auto speedhack.exe (PID: 2492)

    • Process checks computer location settings

      • geometry dash auto speedhack.exe (PID: 7116)
      • geometry dash auto speedhack.exe (PID: 1160)

    • Manual execution by a user

      • Taskmgr.exe (PID: 5496)
      • Taskmgr.exe (PID: 2028)

    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 5496)
      • notepad.exe (PID: 6304)

    • Reads the machine GUID from the registry

      • geometry dash auto speedhack.exe (PID: 4380)
      • geometry dash auto speedhack.exe (PID: 6160)
      • geometry dash auto speedhack.exe (PID: 1328)
      • geometry dash auto speedhack.exe (PID: 4100)
      • geometry dash auto speedhack.exe (PID: 2492)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:07:10 12:59:43+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 3072
InitializedDataSize: 10752
UninitializedDataSize: -
EntryPoint: 0x122d
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
148
Monitored processes
11
Malicious processes
7
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #MEMZ geometry dash auto speedhack.exe #MEMZ geometry dash auto speedhack.exe no specs #MEMZ geometry dash auto speedhack.exe no specs #MEMZ geometry dash auto speedhack.exe no specs #MEMZ geometry dash auto speedhack.exe no specs #MEMZ geometry dash auto speedhack.exe no specs #MEMZ geometry dash auto speedhack.exe no specs notepad.exe no specs taskmgr.exe no specs taskmgr.exe geometry dash auto speedhack.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1160"C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /mainC:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
geometry dash auto speedhack.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1328"C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdogC:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
geometry dash auto speedhack.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2028"C:\WINDOWS\system32\taskmgr.exe" /0C:\Windows\System32\Taskmgr.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Task Manager
Exit code:
3221226540
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
2492"C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdogC:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
geometry dash auto speedhack.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4100"C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdogC:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
geometry dash auto speedhack.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4380"C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdogC:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
geometry dash auto speedhack.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
5496"C:\WINDOWS\system32\taskmgr.exe" /0C:\Windows\System32\Taskmgr.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Manager
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
6160"C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdogC:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
geometry dash auto speedhack.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6304"C:\Windows\System32\notepad.exe" \note.txtC:\Windows\SysWOW64\notepad.exegeometry dash auto speedhack.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
6508"C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events
2 911
Read events
2 909
Write events
1
Delete events
1

Modification events

(PID) Process:(5496) Taskmgr.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager
Operation:delete valueName:Preferences
Value:
(PID) Process:(5496) Taskmgr.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager
Operation:writeName:Preferences
Value:
0D00000060000000600000006800000068000000E3010000DC010000000001000000008000000080D8010080DF010080000100016B00000034000000130300008C020000E80300000000000000000000000000000F000000010000000000000058AAEE82F77F00000000000000000000000000002E0100001E0000008990000000000000FF00000001015002000000000D0000000000000098AAEE82F77F00000000000000000000FFFFFFFF960000001E0000008B900000010000000000000000101001000000000300000000000000B0AAEE82F77F00000000000000000000FFFFFFFF780000001E0000008C900000020000000000000001021200000000000400000000000000C8AAEE82F77F00000000000000000000FFFFFFFF960000001E0000008D900000030000000000000000011001000000000200000000000000E8AAEE82F77F00000000000000000000FFFFFFFF320000001E0000008A90000004000000000000000008200100000000050000000000000000ABEE82F77F00000000000000000000FFFFFFFFC80000001E0000008E90000005000000000000000001100100000000060000000000000028ABEE82F77F00000000000000000000FFFFFFFF040100001E0000008F90000006000000000000000001100100000000070000000000000050ABEE82F77F00000000000000000000FFFFFFFF49000000490000009090000007000000000000000004250000000000080000000000000080AAEE82F77F00000000000000000000FFFFFFFF49000000490000009190000008000000000000000004250000000000090000000000000070ABEE82F77F00000000000000000000FFFFFFFF490000004900000092900000090000000000000000042508000000000A0000000000000088ABEE82F77F00000000000000000000FFFFFFFF4900000049000000939000000A0000000000000000042508000000000B00000000000000A8ABEE82F77F00000000000000000000FFFFFFFF490000004900000039A000000B0000000000000000042509000000001C00000000000000C8ABEE82F77F00000000000000000000FFFFFFFFC8000000490000003AA000000C0000000000000000011009000000001D00000000000000F0ABEE82F77F00000000000000000000FFFFFFFF64000000490000004CA000000D0000000000000000021508000000001E0000000000000010ACEE82F77F00000000000000000000FFFFFFFF64000000490000004DA000000E000000000000000002150800000000030000000A000000010000000000000058AAEE82F77F0000000000000000000000000000D70000001E0000008990000000000000FF00000001015002000000000400000000000000C8AAEE82F77F0000000000000000000001000000960000001E0000008D900000010000000000000001011000000000000300000000000000B0AAEE82F77F00000000000000000000FFFFFFFF640000001E0000008C900000020000000000000000021000000000000C0000000000000040ACEE82F77F0000000000000000000003000000640000001E00000094900000030000000000000001021000000000000D0000000000000068ACEE82F77F00000000000000000000FFFFFFFF640000001E00000095900000040000000000000000011001000000000E0000000000000090ACEE82F77F0000000000000000000005000000320000001E00000096900000050000000000000001042001000000000F00000000000000B8ACEE82F77F0000000000000000000006000000320000001E00000097900000060000000000000001042001000000001000000000000000D8ACEE82F77F0000000000000000000007000000460000001E00000098900000070000000000000001011001000000001100000000000000F8ACEE82F77F00000000000000000000FFFFFFFF640000001E0000009990000008000000000000000001100100000000060000000000000028ABEE82F77F0000000000000000000009000000040100001E0000008F9000000900000000000000010110010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000B000000010000000000000058AAEE82F77F0000000000000000000000000000D70000001E0000009E90000000000000FF0000000101500200000000120000000000000020ADEE82F77F00000000000000000000FFFFFFFF2D0000001E0000009B90000001000000000000000004200100000000140000000000000040ADEE82F77F00000000000000000000FFFFFFFF640000001E0000009D90000002000000000000000001100100000000130000000000000068ADEE82F77F00000000000000000000FFFFFFFF640000001E0000009C900000030000000000000000011001000000000300000000000000B0AAEE82F77F00000000000000000000FFFFFFFF640000001E0000008C90000004000000000000000102100000000000070000000000000050ABEE82F77F000000000000000000000500000049000000490000009090000005000000000000000104210000000000080000000000000080AAEE82F77F000000000000000000000600000049000000490000009190000006000000000000000104210000000000090000000000000070ABEE82F77F0000000000000000000007000000490000004900000092900000070000000000000001042108000000000A0000000000000088ABEE82F77F0000000000000000000008000000490000004900000093900000080000000000000001042108000000000B00000000000000A8ABEE82F77F0000000000000000000009000000490000004900000039A00000090000000000000001042109000000001C00000000000000C8ABEE82F77F000000000000000000000A00000064000000490000003AA000000A00000000000000000110090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000008000000010000000000000058AAEE82F77F0000000000000000000000000000C60000001E000000B090000000000000FF0000000101500200000000150000000000000088ADEE82F77F00000000000000000000FFFFFFFF6B0000001E000000B1900000010000000000000000042500000000001600000000000000B8ADEE82F77F00000000000000000000FFFFFFFF6B0000001E000000B2900000020000000000000000042500000000001800000000000000E0ADEE82F77F00000000000000000000FFFFFFFF6B0000001E000000B490000003000000000000000004250000000000170000000000000008AEEE82F77F00000000000000000000FFFFFFFF6B0000001E000000B390000004000000000000000004250000000000190000000000000040AEEE82F77F00000000000000000000FFFFFFFFA00000001E000000B5900000050000000000000000042001000000001A0000000000000070AEEE82F77F00000000000000000000FFFFFFFF7D0000001E000000B6900000060000000000000000042001000000001B00000000000000A0AEEE82F77F00000000000000000000FFFFFFFF7D0000001E000000B790000007000000000000000004200100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000DA00000000000000000000000000000000000000000000009D200000200000009100000064000000320000006400000050000000320000003200000028000000500000003C0000005000000050000000320000005000000050000000500000005000000050000000500000002800000050000000230000002300000023000000230000005000000050000000500000003200000032000000320000007800000078000000500000003C00000050000000500000009700000032000000780000003200000050000000500000005000000050000000000000000100000002000000030000000400000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F000000100000001100000012000000130000001400000015000000160000001700000018000000190000001A0000001B0000001C0000001D0000001E0000001F000000200000002100000022000000230000002400000025000000260000002700000028000000290000002A0000002B0000002C00000000000000000000001F00000000000000B400000032000000D8000000640000006400000000000000000000000000000000000000000000000000000000000000000000000000000000000000DA000000000000000000000000000000000000009D200000200000009100000064000000320000009700000050000000320000003200000028000000500000003C000000500000005000000032000000500000005000000050000000500000005000000050000000500000002800000050000000230000002300000023000000230000005000000050000000500000003200000032000000320000007800000078000000500000003C0000005000000064000000780000003200000078000000780000003200000050000000500000005000000050000000C8000000000000000100000002000000030000000400000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F000000100000001100000012000000130000001400000015000000160000001700000018000000190000001A0000001B0000001C0000001D0000001E0000001F000000200000002100000022000000230000002400000025000000260000002700000028000000290000002A0000002B0000002C0000002D0000002E0000002F00000000000000000000001F00000000000000B400000032000000D8000000640000006400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002000000030000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000
Executable files
0
Suspicious files
1
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
1160geometry dash auto speedhack.exe\Device\Harddisk0\DR0
MD5:
SHA256:
5496Taskmgr.exeC:\Users\admin\AppData\Local\D3DSCache\3534848bb9f4cb71\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.locktext
MD5:F49655F856ACB8884CC0ACE29216F511
SHA256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
1160geometry dash auto speedhack.exeC:\note.txtbinary
MD5:AFA6955439B8D516721231029FB9CA1B
SHA256:8E9F20F6864C66576536C0B866C6FFDCF11397DB67FE120E972E244C3C022270
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
20
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7096
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3944
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7096
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4544
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5944
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3944
svchost.exe
20.190.159.68:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3944
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 142.250.186.110
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.4
  • 40.126.31.67
  • 40.126.31.73
  • 40.126.31.0
  • 20.190.159.129
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
geometry dash auto speedhack.exe