File name: HidCache.zip
Full analysis: https://app.any.run/tasks/532f79f2-bd43-471c-81a6-173364a20b71
Verdict: Malicious activity
Analysis date: November 12, 2024, 21:25:09
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5: 1B4C515F7AF572C68C739D031FDC369A
SHA1: D4895A13089127F0D40B4F1DBA63C2914A65D400
SHA256: B28C28B819FDC1201012FC91953A5D51FAF0ACBBD75BC140C66339F54CC33F8D
SSDEEP: 49152:ygV6XgNC/l6m8Ft4w7xGc7OAMCEY4IBZYUvcwazE1ikt3Wiwh9ov9919ECZzGI4+:3V6XpP07OVY4IlvcOvMXov995SI4LQzR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 1732)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1732)
      • setup.exe (PID: 4004)
      • setup.exe (PID: 5236)
      • setup.exe (PID: 6764)
      • setup.exe (PID: 6988)
    • Executable content was dropped or overwritten

      • setup.exe (PID: 4004)
      • setup.exe (PID: 6764)
      • setup.exe (PID: 5236)
      • setup.exe (PID: 6988)
    • Starts a Microsoft application from unusual location

      • NetCoreCheck.exe (PID: 7048)
      • Launcher.exe (PID: 6908)
      • NetCoreCheck.exe (PID: 6936)
      • NetCoreCheck.exe (PID: 4432)
      • NetCoreCheck.exe (PID: 4060)
  • INFO

    • The process uses the downloaded file

      • WinRAR.exe (PID: 1732)
      • setup.exe (PID: 4004)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1732)
    • Manual execution by a user

      • setup.exe (PID: 4004)
      • setup.exe (PID: 6764)
      • HidCache.exe (PID: 7148)
      • setup.exe (PID: 5236)
      • HidCache.exe (PID: 6132)
      • Launcher.exe (PID: 6908)
      • notepad.exe (PID: 6344)
      • msedge.exe (PID: 7048)
      • setup.exe (PID: 6988)
    • Sends debugging messages

      • NetCoreCheck.exe (PID: 7048)
      • HidCache.exe (PID: 7148)
      • NetCoreCheck.exe (PID: 4432)
      • HidCache.exe (PID: 6132)
      • NetCoreCheck.exe (PID: 6936)
      • NetCoreCheck.exe (PID: 4060)
    • Create files in a temporary directory

      • NetCoreCheck.exe (PID: 7048)
      • setup.exe (PID: 4004)
    • Creates files or folders in the user directory

      • setup.exe (PID: 4004)
    • Application launched itself

      • msedge.exe (PID: 2816)
      • msedge.exe (PID: 6660)
      • msedge.exe (PID: 3948)
      • msedge.exe (PID: 4432)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:10:17 02:39:44
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Application Files/
No data.
All screenshots are available in the full report
Total processes: 249
Monitored processes: 107
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start winrar.exe rundll32.exe no specs setup.exe netcorecheck.exe conhost.exe no specs setup.exe netcorecheck.exe conhost.exe no specs hidcache.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs launcher.exe no specs hidcache.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs setup.exe netcorecheck.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs setup.exe netcorecheck.exe conhost.exe no specs 
msedge.exe no specs msedge.exe no specs msedge.exe no specs notepad.exe no specs

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 528
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4816 --field-trial-handle=2288,i,15436383787215338344,7647873533671543141,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4804 --field-trial-handle=2288,i,15436383787215338344,7647873533671543141,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 624
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6136 --field-trial-handle=2452,i,10441625143522336137,11176547516477516291,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 764
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5088 --field-trial-handle=2308,i,17838865512689569327,2751715110422357092,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 824
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2384,i,9153472216402421134,4434214004262187908,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 848
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4552 --field-trial-handle=2452,i,10441625143522336137,11176547516477516291,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 848
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6020 --field-trial-handle=2308,i,17838865512689569327,2751715110422357092,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 948
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2640 --field-trial-handle=2452,i,10441625143522336137,11176547516477516291,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1160
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4212 --field-trial-handle=2384,i,9153472216402421134,4434214004262187908,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1196
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2684 --field-trial-handle=2288,i,15436383787215338344,7647873533671543141,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 30 065
Read events: 29 958
Write events: 94
Delete events: 13

Modification events

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\HidCache.zip

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 15
Value:

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 14
Value:

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 13
Value:

(PID) Process: (1732) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 12
Value:
Executable files: 22
Suspicious files: 365
Text files: 162
Unknown types: 4

Dropped files

Columns: PID | Process | Filename | Type
4004 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\windowsdesktop-runtime-8.0.10-win-x64[1].exe
MD5:
SHA256:

4004 | setup.exe | C:\Users\admin\AppData\Local\Temp\VSD63D.tmp\net8desktopruntime_x64\windowsdesktop-runtime-8.0.10-win-x64.exe
MD5:
SHA256:

1732 | WinRAR.exe | C:\Users\admin\Desktop\HidCache\Application Files\HidCache_2_0_0_1\data.dbfli
MD5: 10176AD44208C195AC12B1B721E07ABC
SHA256: 7DDE18FBF9A76FF96015D87394CDB69008E9A616F5F5087917BEA4A914E3FFB9

1732 | WinRAR.exe | C:\Users\admin\Desktop\HidCache\Application Files\HidCache_2_0_0_1\Launcher.exe | executable
MD5: B55D843F5895AF7DB87891AFDD6A7A34
SHA256: 2317831257C9DE45322EAA0416A117F1F7B4F774F1F9EC6EAA033799BE954FCF

4004 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | binary
MD5: 5A0FE01097D4B4B3E596AD630851F174
SHA256: 73A69764C4C996FA8EE19D393257404952E3F8F1FEB7214EA129ECFE43F3760D

6764 | setup.exe | C:\Users\admin\AppData\Local\Temp\VSDA5BA.tmp\net8desktopruntime_x64\windowsdesktop-runtime-8.0.10-win-x64.exe
MD5:
SHA256:

1732 | WinRAR.exe | C:\Users\admin\Desktop\HidCache\setup.exe | executable
MD5: 582A621319D2407642E3032C108FA537
SHA256: 73F11655FAB3E43E4A481C5FFB55B144E3C992878084F1428F6E429F526455BB

4004 | setup.exe | C:\Users\admin\AppData\Local\Temp\VSD63D.tmp\net8desktopruntime_x64\NetCoreCheck.exe | executable
MD5: F0CB8C49B000D90DD2F181AFFBF2B4E0
SHA256: 3E1C1D8C5540E45099A501C4BC910222618FC21563644BC9ADD00EA541B013F9

1732 | WinRAR.exe | C:\Users\admin\Desktop\HidCache\Application Files\HidCache_2_0_0_1\HidCache.dll.manifest | xml
MD5: D0BACF38F07F02C6C1D2CCA77445ACEC
SHA256: 3FB2010E87DA9F4D38F6C45FE4B40800FF4FF7E7345AC7A50F60553AD8DB6E64

1732 | WinRAR.exe | C:\Users\admin\Desktop\HidCache\HidCache.application | xml
MD5: B458DA2FF9AC69968F84F2D4A1FD9308
SHA256: 0B403B40D6135675616148C0CCFF342CAD8989EFA7439530A4160DA51570D09E
HTTP(S) requests: 26
TCP/UDP connections: 91
DNS requests: 101
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4360 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | CN: unknown | Reputation: whitelisted
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D

6944 | svchost.exe | GET | 200 | 2.16.164.43:80 | CN: unknown | Reputation: whitelisted
URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

6944 | svchost.exe | GET | 200 | 88.221.169.152:80 | CN: unknown | Reputation: whitelisted
URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl

5524 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | CN: unknown | Reputation: whitelisted
URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl

5512 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | CN: unknown | Reputation: whitelisted
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D

5524 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | CN: unknown | Reputation: whitelisted
URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl

4004 | setup.exe | GET | 200 | 192.229.221.95:80 | CN: unknown | Reputation: whitelisted
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D

4004 | setup.exe | GET | 200 | 192.229.221.95:80 | CN: unknown | Reputation: whitelisted
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D

3676 | svchost.exe | GET | 200 | 192.229.221.95:80 | CN: unknown | Reputation: whitelisted
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D

6416 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | CN: unknown | Reputation: whitelisted
URL: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c4ce8060-975e-4ce5-8e2b-31e027f5ae99?P1=1731863898&P2=404&P3=2&P4=eV59wIBofqueEr8eKXagCriAVVXs7ew5iiLKETfQFdx%2fx%2bgeMyhwi4fowxaRqG%2faDCHNGoSB7wWGQRfUC%2bU%2bug%3d%3d

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

6944 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
1588 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4360 | SearchApp.exe | 2.23.209.179:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
4360 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
6944 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6944 | svchost.exe | 2.16.164.43:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
6944 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Columns: Domain | IP | Reputation

settings-win.data.microsoft.com | 51.104.136.2, 40.127.240.158, 51.124.78.146, 4.231.128.59 | whitelisted
google.com | 142.250.186.174, 142.250.186.46 | whitelisted
www.bing.com | 2.23.209.179, 2.23.209.149, 2.23.209.182, 2.23.209.140, 2.23.209.130, 2.23.209.133, 2.23.209.187 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
crl.microsoft.com | 2.16.164.43, 2.16.164.9, 2.16.164.17, 2.16.164.49, 2.16.164.40, 2.16.164.81, 2.16.164.18, 2.16.164.107, 2.16.164.82, 2.16.164.122, 2.16.164.114, 2.16.164.24, 2.16.164.51 | whitelisted
www.microsoft.com | 88.221.169.152, 23.35.229.160 | whitelisted
login.live.com | 20.190.159.64, 20.190.159.23, 40.126.31.71, 20.190.159.73, 20.190.159.0, 20.190.159.68, 20.190.159.75, 20.190.159.4 | whitelisted
th.bing.com | 2.23.209.140, 2.23.209.133, 2.23.209.130, 2.23.209.182, 2.23.209.179, 2.23.209.149 | whitelisted
go.microsoft.com | 184.28.89.167, 23.213.166.81 | whitelisted
slscr.update.microsoft.com | 20.109.210.53 | whitelisted

Threats

No threats detected
Columns: Process | Message

NetCoreCheck.exe | A fatal error occurred. The required library hostfxr.dll could not be found. If this is a self-contained application, that library should exist in []. If this is a framework-dependent application, install the runtime in the global location [C:\Program Files\dotnet] or use the DOTNET_ROOT environment variable to specify the runtime location or register the runtime location in [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x64\InstallLocation].
NetCoreCheck.exe | The .NET runtime can be found at:
NetCoreCheck.exe | - https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=5.0.0-preview.6.20264.1
NetCoreCheck.exe | - https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=5.0.0-preview.6.20264.1
NetCoreCheck.exe | A fatal error occurred. The required library hostfxr.dll could not be found. If this is a self-contained application, that library should exist in []. If this is a framework-dependent application, install the runtime in the global location [C:\Program Files\dotnet] or use the DOTNET_ROOT environment variable to specify the runtime location or register the runtime location in [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x64\InstallLocation].
NetCoreCheck.exe | The .NET runtime can be found at:
HidCache.exe | You must install .NET to run this application. App: C:\Users\admin\Desktop\HidCache\Application Files\HidCache_2_0_0_1\HidCache.exe Architecture: x64 App host version: 8.0.10 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.10
HidCache.exe | You must install .NET to run this application. App: C:\Users\admin\Desktop\HidCache\Application Files\HidCache_2_0_0_1\HidCache.exe Architecture: x64 App host version: 8.0.10 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.10
NetCoreCheck.exe | - https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=5.0.0-preview.6.20264.1
NetCoreCheck.exe | The .NET runtime can be found at: