File name:

a896264702cbc630b8a8e0358efdd27f981d7118bc174a826df29f4f0dab5097Installer.exe

Full analysis: https://app.any.run/tasks/edbf800c-7e70-4d7f-ae1f-eafd2e1fd900
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 21, 2025, 14:22:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
installer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

CEBB467BE98A703CCFC26A957CC0C144

SHA1:

335B528D8344ABB80C32121D6C07500191CE1BA5

SHA256:

A896264702CBC630B8A8E0358EFDD27F981D7118BC174A826DF29F4F0DAB5097

SSDEEP:

98304:lYC0CQGowo/L2Q+opx88TSwJg4SSU3sBopUTAcZoAiB+tA4Ru+FP3UCmP/5UgYbu:vX+bqaBU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • .exe (PID: 5764)
      • .exe (PID: 1512)
      • .exe (PID: 2380)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Process creates executable files without a name

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Process requests binary or script from the Internet

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Reads security settings of Internet Explorer

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Potential Corporate Privacy Violation

      • .exe (PID: 5764)
      • .exe (PID: 2380)

  • INFO

    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 5140)

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 5140)
      • OpenWith.exe (PID: 3608)

    • Application launched itself

      • Acrobat.exe (PID: 724)
      • AcroCEF.exe (PID: 3676)

    • The sample compiled with english language support

      • OpenWith.exe (PID: 5140)
      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Manual execution by a user

      • .exe (PID: 5764)
      • .exe (PID: 1512)
      • .exe (PID: 2380)

    • Checks supported languages

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Creates files in the program directory

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Creates files or folders in the user directory

      • .exe (PID: 5764)

    • Create files in a temporary directory

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Reads the computer name

      • .exe (PID: 5764)
      • .exe (PID: 2380)

    • Checks proxy server information

      • .exe (PID: 5764)
      • .exe (PID: 2380)
      • slui.exe (PID: 6836)

    • Reads the software policy settings

      • .exe (PID: 5764)
      • .exe (PID: 2380)
      • slui.exe (PID: 6836)

    • Reads the machine GUID from the registry

      • .exe (PID: 2380)
      • .exe (PID: 5764)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.odttf | Obfuscated subsetted Font (28.9)
.exe | Win32 Executable MS Visual C++ (generic) (17.3)
.exe | Win64 Executable (generic) (15.3)
.exe | UPX compressed Win32 Executable (15)
.exe | Win32 EXE Yoda's Crypter (14.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:02:18 16:50:49+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 2774528
InitializedDataSize: 5286912
UninitializedDataSize: -
EntryPoint: 0x1c5fec
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.1.885.1766
ProductVersionNumber: 1.1.885.1766
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 1.1.885.1766
ProductVersion: 1.1.885.1766
CompanyName: Lavasoft
FileDescription: Web Companion Installer
LegalCopyright: c Lavasoft Limited. All Rights Reserved.
InternalName: Installer.exe
OriginalFileName: Installer.exe
ProductName: Web Companion Installer
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
150
Monitored processes
15
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start openwith.exe no specs acrobat.exe no specs acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs slui.exe openwith.exe no specs .exe no specs .exe .exe

Process information

PID
CMD
Path
Indicators
Parent process
724"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\admin\Desktop\a896264702cbc630b8a8e0358efdd27f981d7118bc174a826df29f4f0dab5097Installer.exe.odttf"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeOpenWith.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat
Exit code:
1
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
888"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2028 --field-trial-handle=1620,i,3121707753280015390,14092880465804412569,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1512"C:\Users\admin\Desktop\.exe" C:\Users\admin\Desktop\.exeexplorer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion Installer
Exit code:
3221226540
Version:
1.1.885.1766
Modules
Images
c:\users\admin\desktop\.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
2380"C:\Users\admin\Desktop\.exe" C:\Users\admin\Desktop\.exe
explorer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
HIGH
Description:
Web Companion Installer
Exit code:
0
Version:
1.1.885.1766
Modules
Images
c:\users\admin\desktop\.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2972"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 "C:\Users\admin\Desktop\a896264702cbc630b8a8e0358efdd27f981d7118bc174a826df29f4f0dab5097Installer.exe.odttf"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeAcrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat
Exit code:
1
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3480"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2444 --field-trial-handle=1620,i,3121707753280015390,14092880465804412569,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3608C:\WINDOWS\system32\OpenWith.exe -EmbeddingC:\Windows\System32\OpenWith.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3676"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16514043C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3716"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --first-renderer-process --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1620,i,3121707753280015390,14092880465804412569,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5140"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\a896264702cbc630b8a8e0358efdd27f981d7118bc174a826df29f4f0dab5097Installer.exe.odttfC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
22 319
Read events
22 120
Write events
188
Delete events
11

Modification events

(PID) Process:(724) Acrobat.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-2034283098-2252572593-1072577386-2659511007-3245387615-27016815-3920691934
Operation:writeName:DisplayName
Value:
Adobe Acrobat Reader Protected Mode
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\ExitSection
Operation:writeName:bLastExitNormal
Value:
0
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
Operation:writeName:sProductGUID
Value:
4143524F4241545F475549445F4E474C5F44554D4D5900
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AdobeViewer
Operation:delete valueName:ProductInfoCache
Value:
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AdobeViewer
Operation:writeName:EULAAcceptedForBrowser
Value:
1
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
Operation:writeName:bSynchronizeOPL
Value:
0
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral
Operation:writeName:uLastAppLaunchTimeStamp
Value:
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral
Operation:writeName:iNumAcrobatLaunches
Value:
7
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\HomeWelcomeFirstMile
Operation:writeName:iCardCountShown
Value:
3
(PID) Process:(2972) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\DLLInjection
Operation:writeName:bBlockDLLInjection
Value:
0
Executable files
4
Suspicious files
58
Text files
13
Unknown types
0

Dropped files

PID
Process
Filename
Type
2972Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.jsonbinary
MD5:837C1211E392A24D64C670DC10E8DA1B
SHA256:8013AC030684B86D754BBFBAB8A9CEC20CAA4DD9C03022715FF353DC10E14031
2972Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTINGbinary
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
2972Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2972binary
MD5:366B140BAFC863B7E366AA1E51604759
SHA256:CBC8B288DBD2C72432081CF33CEF431572A94C7FB89DBCD59973B99E3871814E
2972Acrobat.exeC:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.1.20093.6 2025-06-21 14-23-26-894.logtext
MD5:460C6041966002D8384A18C895A65EB0
SHA256:C83EC6E8FB3EC62481289C033238C1D9B08DB8076EAAD304099FD7A7F594F1B9
724Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lstbinary
MD5:366B140BAFC863B7E366AA1E51604759
SHA256:CBC8B288DBD2C72432081CF33CEF431572A94C7FB89DBCD59973B99E3871814E
2972Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEventsbinary
MD5:908BBB3EBD188B8C30B8202B000C6C2C
SHA256:59D9370366BD7394BAAB7DC453D651E19666C4AD1D51819F9ADED80878590183
2972Acrobat.exeC:\Users\admin\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txttext
MD5:7DE4D430A9B2E0334261E362DFE36C15
SHA256:74004EB15DC7A88C0E3D1D1509D60F7E7DB1F1C4BFE749A5716F32153E43EA4F
2972Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalbinary
MD5:7A3BD98604B8504CC5264A33251E681D
SHA256:2980B91095C947176FB1962F2A18CE01A79FB391E6517CF29180BA931DFE5554
3676AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0binary
MD5:2D98127D136E38B8C6CE1D78F773395A
SHA256:93E45926CFA7182977BBF67B211845F80377CFB1F6F45FA3CEAB647207457F09
3676AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0binary
MD5:EA510DEE3AAC5E63425016D0ECA43184
SHA256:F6F8E477C6CE422BAB0C2FFF2BB7236025A2C904AC91F5EF3D3B1BD297BAC94F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
41
TCP/UDP connections
54
DNS requests
27
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
23.55.104.172:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.104.172:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5232
RUXIMICS.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5232
RUXIMICS.exe
GET
200
23.55.104.172:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
400
40.126.32.133:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
200
20.190.160.131:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
POST
200
20.190.160.132:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
POST
200
20.190.160.64:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
16.7 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5232
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
23.55.104.172:80
crl.microsoft.com
Akamai International B.V.
US
whitelisted
1268
svchost.exe
23.55.104.172:80
crl.microsoft.com
Akamai International B.V.
US
whitelisted
5232
RUXIMICS.exe
23.55.104.172:80
crl.microsoft.com
Akamai International B.V.
US
whitelisted
5944
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
1268
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
5232
RUXIMICS.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.110
whitelisted
crl.microsoft.com
  • 23.55.104.172
  • 23.55.104.190
  • 184.24.77.30
  • 184.24.77.41
  • 184.24.77.33
  • 184.24.77.34
  • 184.24.77.12
  • 184.24.77.29
  • 184.24.77.13
  • 184.24.77.40
  • 184.24.77.39
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.159.131
  • 20.190.159.4
  • 40.126.31.0
  • 20.190.159.71
  • 40.126.31.3
  • 40.126.31.130
  • 40.126.31.69
  • 40.126.31.2
whitelisted
nexusrules.officeapps.live.com
  • 52.111.243.31
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

PID
Process
Class
Message
5764
.exe
Misc activity
INSTALLER [ANY.RUN] VCSoapClient Installer HTTP POST Request (UA)
5764
.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
2380
.exe
Misc activity
INSTALLER [ANY.RUN] VCSoapClient Installer HTTP POST Request (UA)
2380
.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
a896264702cbc630b8a8e0358efdd27f981d7118bc174a826df29f4f0dab5097Installer.exe