File name: Wub_x64.exe

Full analysis: https://app.any.run/tasks/f4fa1c31-4487-4d86-a9d1-79dc528fb68f
Verdict: Malicious activity
Analysis date: February 23, 2025, 22:27:25
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 5 sections
MD5: 4DE68A46A3C3D4104AA3609C9004238B
SHA1: AB69DCA72F1CC0CA0A1A74DE5CCAA62BF95591AD
SHA256: B34F463E49EE79001E38C0A2BB70AF2A54C0EDA036934EEDCC22440220D7809E
SSDEEP: 24576:2Qpsfo0qwnq9siaZAtz9IHPrFw+kpBiLXMB2QCaELqUSn+23xZB0AC:2Ysfoqnq9daZKz94PrFw+kpBiLXMB2Q2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Wub_x64.exe (PID: 6260)
      • Wub_x64.exe (PID: 556)
      • Wub_x64.exe (PID: 2736)
    • Creates or modifies Windows services

      • Wub_x64.exe (PID: 6260)
    • Changes the Windows auto-update feature

      • Wub_x64.exe (PID: 6260)
    • Changes the autorun value in the registry

      • reg.exe (PID: 6692)
  • SUSPICIOUS

    • Creates or modifies Windows services

      • Wub_x64.exe (PID: 6260)
      • Wub_x64.exe (PID: 2736)
    • Modifies existing scheduled task

      • schtasks.exe (PID: 6972)
      • schtasks.exe (PID: 5464)
      • schtasks.exe (PID: 3540)
      • schtasks.exe (PID: 2972)
      • schtasks.exe (PID: 396)
      • schtasks.exe (PID: 4384)
      • schtasks.exe (PID: 3732)
      • schtasks.exe (PID: 6556)
      • schtasks.exe (PID: 6772)
      • schtasks.exe (PID: 3608)
      • schtasks.exe (PID: 6716)
      • schtasks.exe (PID: 4500)
      • schtasks.exe (PID: 5488)
      • schtasks.exe (PID: 188)
      • schtasks.exe (PID: 7028)
      • schtasks.exe (PID: 6672)
      • schtasks.exe (PID: 7028)
      • schtasks.exe (PID: 5972)
      • schtasks.exe (PID: 6904)
      • schtasks.exe (PID: 5916)
      • schtasks.exe (PID: 2076)
      • schtasks.exe (PID: 5992)
      • schtasks.exe (PID: 4392)
      • schtasks.exe (PID: 3364)
      • schtasks.exe (PID: 5320)
      • schtasks.exe (PID: 6204)
      • schtasks.exe (PID: 5888)
      • schtasks.exe (PID: 2324)
      • schtasks.exe (PID: 6376)
      • schtasks.exe (PID: 6824)
      • schtasks.exe (PID: 6772)
      • schtasks.exe (PID: 7128)
    • Application launched itself

      • Wub_x64.exe (PID: 6260)
      • Skype.exe (PID: 5640)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 5640)
    • Reads security settings of Internet Explorer

      • Skype.exe (PID: 5640)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 5640)
    • Process uses IPCONFIG to get network configuration information

      • cmd.exe (PID: 1216)
  • INFO

    • The sample was compiled with English language support

      • Wub_x64.exe (PID: 6260)
    • Reads mouse settings

      • Wub_x64.exe (PID: 6260)
      • Wub_x64.exe (PID: 2736)
    • Checks supported languages

      • Wub_x64.exe (PID: 6260)
      • Wub_x64.exe (PID: 2736)
      • Skype.exe (PID: 5640)
      • Skype.exe (PID: 2164)
      • Skype.exe (PID: 4516)
      • Skype.exe (PID: 6824)
      • Skype.exe (PID: 6916)
      • Skype.exe (PID: 5888)
    • Reads the computer name

      • Wub_x64.exe (PID: 6260)
      • Wub_x64.exe (PID: 2736)
      • Skype.exe (PID: 5640)
      • Skype.exe (PID: 4516)
      • Skype.exe (PID: 6824)
      • Skype.exe (PID: 6916)
    • Create files in a temporary directory

      • Wub_x64.exe (PID: 6260)
      • Skype.exe (PID: 5640)
    • Checks proxy server information

      • Skype.exe (PID: 5640)
    • Manual execution by a user

      • Skype.exe (PID: 5640)
      • cmd.exe (PID: 1216)
    • Reads CPU info

      • Skype.exe (PID: 5640)
    • Reads the software policy settings

      • Skype.exe (PID: 5640)
    • Process checks computer location settings

      • Skype.exe (PID: 5640)
      • Skype.exe (PID: 6916)
      • Skype.exe (PID: 5888)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 5640)
      • Skype.exe (PID: 6916)
      • Skype.exe (PID: 6824)
    • Reads the machine GUID from the registry

      • Skype.exe (PID: 5640)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2010:04:16 07:47:52+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware
PEType: PE32+
LinkerVersion: 9
CodeSize: 613376
InitializedDataSize: 231424
UninitializedDataSize: -
EntryPoint: 0x1d47c
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 1.6.0.0
ProductVersionNumber: 1.6.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Unicode
FileVersion: 1.6.0.0
Comments: Windows Update Blocker v1.6
FileDescription: Windows Update Blocker v1.6
LegalCopyright: Copyright © 2016-2020 www.sordum.org All Rights Reserved.
CompanyName: www.sordum.org
ProductVersion: 1.6.0.0
OriginalFileName: Wub.exe
Coder: By BlueLife
Total processes: 222
Monitored processes: 90
Malicious processes: 3
Suspicious processes: 2

Behavior graph

[Behavior graph: process tree beginning at wub_x64.exe; nodes shown include schtasks.exe, conhost.exe, skype.exe, reg.exe, cmd.exe and ipconfig.exe]

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 188
CMD: "C:\WINDOWS\System32\schtasks.exe" /change /tn "\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" /disable
Path: C:\Windows\System32\schtasks.exe
Parent process: Wub_x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 396
CMD: "C:\WINDOWS\System32\schtasks.exe" /change /tn "\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" /disable
Path: C:\Windows\System32\schtasks.exe
Parent process: Wub_x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Task Scheduler Configuration Tool
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 556
CMD: "C:\Users\admin\AppData\Local\Temp\Wub_x64.exe"
Path: C:\Users\admin\AppData\Local\Temp\Wub_x64.exe
Parent process: explorer.exe
User: admin
Company: www.sordum.org
Integrity Level: MEDIUM
Description: Windows Update Blocker v1.6
Exit code: 3221226540
Version: 1.6.0.0
Modules
Images
c:\users\admin\appdata\local\temp\wub_x64.exe
c:\windows\system32\ntdll.dll

PID: 644
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 736
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 836
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1216
CMD: "C:\WINDOWS\system32\cmd.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1448
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1616
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2040
CMD: C:\WINDOWS\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate
Path: C:\Windows\SysWOW64\reg.exe
Parent process: Skype.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Registry Console Tool
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)

Total events: 9 419
Read events: 9 384
Write events: 12
Delete events: 23

Modification events

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
Operation: write
Name: Start
Value: 3

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings
Operation: write
Name: TrayIconVisibility
Value: 0

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaaSMedicSvc
Operation: write
Name: Start
Value: 4

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaaSMedicSvc
Operation: delete value
Name: WubLock
Value:

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaaSMedicSvc
Operation: write
Name: WubLock
Value: 1

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UsoSvc
Operation: write
Name: Start
Value: 3

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UsoSvc
Operation: delete value
Name: WubLock
Value:

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Operation: write
Name: NoAutoUpdate
Value: 1

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
Operation: write
Name: Start
Value: 4

Process: Wub_x64.exe (PID: 6260)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
Operation: delete value
Name: WubLock
Value:

Executable files: 0
Suspicious files: 30
Text files: 10
Unknown types: 0

Dropped files

Fields per file: PID, Process, Filename, Type
PID: 6260
Process: Wub_x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\Wub.ini
Type: binary
MD5:DD7DABB59279B6893AD4140E3AA18CC9
SHA256:DB08397EDFCF77229975498CB9D29EB9B99F5449F22755A9019085A2935B0CDB

PID: 5640
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms
Type: binary
MD5:ED2B936081707ED3EC8A5B47AF5B80B3
SHA256:F52D94203125894A6696C7D654790212A6FD6362DECF3E4501F393922DC5FC0E

PID: 6260
Process: Wub_x64.exe
Filename: C:\Windows\System32\GroupPolicy\Machine\Registry.pol
Type: binary
MD5:4EBD7B702B806725AD4B3AE751F9FC00
SHA256:A31591834F86ED09610A65D728922EEF481FA3A5F86B5130C407ED4126EB4FB2

PID: 2736
Process: Wub_x64.exe
Filename: C:\Windows\Temp\aut9DAA.tmp
Type: binary
MD5:4BF876B14B5E2BFEA79D7450E28AD3F1
SHA256:794D43AEF1F207C7EBC71588F412214F6DBE02A66DCC1F47DC9F407A2B11FCB6

PID: 5640
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Type: text
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 5640
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
Type: binary
MD5:0471ACBC898E7356BFDFE788D92DC2FC
SHA256:F1278FC3DB260F27412EA995C1078A0AA7001E07766D1C471172A8697F451136

PID: 5640
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8KC4JBJ1NXR2YAJS87GL.temp
Type: binary
MD5:ED2B936081707ED3EC8A5B47AF5B80B3
SHA256:F52D94203125894A6696C7D654790212A6FD6362DECF3E4501F393922DC5FC0E

PID: 5640
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
Type: text
MD5:46EED8B7CAAD25F7F453617DA0FB0857
SHA256:5BC1DE0E32F2969386351B2BE088F13B6CC3DF7693EE9E92FEEF59DB6AF1FB92

PID: 6916
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\CS_shared.tmp
Type: binary
MD5:99914B932BD37A50B983C5E7C90AE93B
SHA256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A

PID: 5640
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl
Type: text
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
HTTP(S) requests: 10
TCP/UDP connections: 53
DNS requests: 34
Threats: 0

HTTP requests


Connections


DNS requests


Threats

No threats detected
No debug info