File name:

dm-Setup-v.exe

Full analysis: https://app.any.run/tasks/1b4468b8-e421-4c3a-acea-1a52c23f7b7f
Verdict: Malicious activity
Threats:

Rhadamanthys is an information stealer written in C++ that harvests sensitive data from infected machines. Its multi-stage loading chain and evasion techniques make it a significant threat.

Analysis date: May 24, 2025, 16:48:53
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
autoit
stealer
rhadamanthys
shellcode
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

D8B5F62EEEBF2CAB804D1C3BFABF4138

SHA1:

F7AFF1867B2170E6FF2CB4AC70FE8CEFDB917B59

SHA256:

BA8D5FE15F61989F663220E6433AA76EBBF6A49AE4F604C5F4CBCEB665115751

SSDEEP:

98304:ov7raIl6oFXkjDfKov1iHVrIw9a8OK6uMMjddeO1MaTKxG2XP7mA2SqDkVzEXim:f6hR

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as is. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • dm-Setup-v.exe (PID: 7368)
    • RHADAMANTHYS has been detected (YARA)

      • OOBE-Maintenance.exe (PID: 5344)
    • Actions look like stealing of personal data

      • OOBE-Maintenance.exe (PID: 5344)
    • Scans artifacts that could help determine the target

      • msedge.exe (PID: 7396)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • dm-Setup-v.exe (PID: 7368)
    • Reads security settings of Internet Explorer

      • dm-Setup-v.exe (PID: 7368)
      • msedge.exe (PID: 7396)
    • Starts CMD.EXE for commands execution

      • dm-Setup-v.exe (PID: 7368)
      • cmd.exe (PID: 7412)
    • Executing commands from a ".bat" file

      • dm-Setup-v.exe (PID: 7368)
    • Get information on the list of running processes

      • cmd.exe (PID: 7412)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 7412)
    • Application launched itself

      • cmd.exe (PID: 7412)
    • Starts application with an unusual extension

      • cmd.exe (PID: 7412)
    • The process executes via Task Scheduler

      • default-browser-agent.exe (PID: 8028)
    • Loads DLL from Mozilla Firefox

      • default-browser-agent.exe (PID: 8028)
      • OOBE-Maintenance.exe (PID: 5344)
    • The process checks if it is being run in the virtual environment

      • Italian.com (PID: 7752)
    • Executes application which crashes

      • Italian.com (PID: 7752)
      • OOBE-Maintenance.exe (PID: 5344)
    • Starts the AutoIt3 executable file

      • cmd.exe (PID: 7412)
    • The executable file from the user directory is run by the CMD process

      • Italian.com (PID: 7752)
    • Multiple wallet extension IDs have been found

      • OOBE-Maintenance.exe (PID: 5344)
    • Reads Mozilla Firefox installation path

      • msedge.exe (PID: 7396)
    • Searches for installed software

      • OOBE-Maintenance.exe (PID: 5344)
    • Connects to unusual port

      • dllhost.exe (PID: 1568)
  • INFO

    • Create files in a temporary directory

      • dm-Setup-v.exe (PID: 7368)
      • extrac32.exe (PID: 7676)
      • OOBE-Maintenance.exe (PID: 5344)
      • msedge.exe (PID: 7396)
      • chrome.exe (PID: 2148)
    • Checks supported languages

      • dm-Setup-v.exe (PID: 7368)
      • extrac32.exe (PID: 7676)
      • default-browser-agent.exe (PID: 8028)
      • Italian.com (PID: 7752)
      • chrome.exe (PID: 2148)
      • msedge.exe (PID: 7396)
      • wmplayer.exe (PID: 1040)
    • Reads the computer name

      • dm-Setup-v.exe (PID: 7368)
      • extrac32.exe (PID: 7676)
      • Italian.com (PID: 7752)
      • chrome.exe (PID: 2148)
      • msedge.exe (PID: 7396)
    • Process checks computer location settings

      • dm-Setup-v.exe (PID: 7368)
      • chrome.exe (PID: 2148)
      • msedge.exe (PID: 7396)
    • Creates a new folder

      • cmd.exe (PID: 7656)
    • Reads mouse settings

      • Italian.com (PID: 7752)
    • Application launched itself

      • firefox.exe (PID: 8048)
      • chrome.exe (PID: 2148)
      • msedge.exe (PID: 7396)
    • Manual execution by a user

      • OOBE-Maintenance.exe (PID: 5344)
    • Reads the machine GUID from the registry

      • Italian.com (PID: 7752)
      • msedge.exe (PID: 7396)
      • chrome.exe (PID: 2148)
      • wmplayer.exe (PID: 1040)
    • Reads Environment values

      • chrome.exe (PID: 2148)
      • msedge.exe (PID: 7396)
    • Checks proxy server information

      • chrome.exe (PID: 2148)
      • msedge.exe (PID: 7396)
      • slui.exe (PID: 2236)
    • Process checks whether UAC notifications are on

      • msedge.exe (PID: 7396)
    • Creates files or folders in the user directory

      • msedge.exe (PID: 7396)
    • Reads the software policy settings

      • slui.exe (PID: 2236)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:04:10 12:19:23+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 25600
InitializedDataSize: 431104
UninitializedDataSize: 16896
EntryPoint: 0x33e9
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
No data.
Screenshots: available in the full report
Total processes
180
Monitored processes
55
Malicious processes
3
Suspicious processes
0

Behavior graph

Processes in order of appearance (per-process details are in the full report):
start, dm-setup-v.exe, cmd.exe, conhost.exe, tasklist.exe, findstr.exe, tasklist.exe, findstr.exe, cmd.exe, extrac32.exe, findstr.exe, cmd.exe, italian.com, choice.exe, default-browser-agent.exe, firefox.exe, firefox.exe, oobe-maintenance.exe (#RHADAMANTHYS), conhost.exe, werfault.exe, slui.exe, chrome.exe (main process and its child processes), msedge.exe (main process and its child processes), wmplayer.exe, dllhost.exe, werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 720
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2140 --field-trial-handle=1948,i,3083231771228922507,12318692321908350756,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1040
CMD: "C:\Program Files\Windows Media Player\wmplayer.exe"
Path: C:\Program Files\Windows Media Player\wmplayer.exe
Parent process: OOBE-Maintenance.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player
Version:
12.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\program files\windows media player\wmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1276
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4720 --field-trial-handle=2236,i,14340289452382097198,10836594898976098199,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1532
CMD: C:\WINDOWS\system32\WerFault.exe -u -p 5344 -s 884
Path: C:\Windows\System32\WerFault.exe
Parent process: OOBE-Maintenance.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
PID: 1568
CMD: "C:\WINDOWS\system32\dllhost.exe"
Path: C:\Windows\System32\dllhost.exe
Parent process: wmplayer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
PID: 1660
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5336 --field-trial-handle=2236,i,14340289452382097198,10836594898976098199,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1912
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5988 --field-trial-handle=2236,i,14340289452382097198,10836594898976098199,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2040
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4512 --field-trial-handle=1948,i,3083231771228922507,12318692321908350756,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2064
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4252 --field-trial-handle=2236,i,14340289452382097198,10836594898976098199,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2148
CMD: --user-data-dir="C:\Users\admin\AppData\Local\Temp\chrAE4E.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/763adbe0/03a0677f"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: OOBE-Maintenance.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
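The process list above is the part of the report a defender can turn into detection logic. The script below is an added example for this page, not ANY.RUN code: it encodes three of the report's own observations as heuristics (a non-.exe file run by cmd.exe from a user-writable directory, a browser launched with a throwaway --user-data-dir under %TEMP% and a 127.0.0.1 URL, and a cmd.exe instance whose children include tasklist.exe and findstr.exe) and runs them over a constructed event set. The chrome.exe (PID 2148) command line and the process and parent names come from the report; the on-disk paths of dm-Setup-v.exe, Italian.com and OOBE-Maintenance.exe, the explorer.exe parent for the manually started OOBE-Maintenance.exe, and the PIDs of the tasklist/findstr children are not in the report and are assumptions.

```python
"""Process-tree triage heuristics built from the observations in this report.

Added example, not ANY.RUN code. SAMPLE_EVENTS is constructed: the chrome.exe
(PID 2148) command line and the process/parent names come from the report; the
paths of dm-Setup-v.exe, Italian.com and OOBE-Maintenance.exe, the explorer.exe
parent and the PIDs of the tasklist/findstr children are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str    # command line as logged (may be empty)


# Paths under a user profile, where anyone can drop files.
USER_PROFILE = re.compile(r"^c:\\users\\[^\\]+\\", re.I)
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.I)
# A URL pointing back at the local machine.
LOOPBACK_URL = re.compile(r"https?://(?:127\.0\.0\.1|localhost)(?::\d+)?/", re.I)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
ENUM_TOOLS = {"tasklist.exe", "findstr.exe"}


def image_name(path: str) -> str:
    """Lower-case file name of an image path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return (pid, rule, detail) tuples for events matching the heuristics."""
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    findings = []
    for e in events:
        name = image_name(e.image)
        parent = by_pid.get(e.ppid)
        parent_name = image_name(parent.image) if parent else ""
        cmd = e.cmdline.lower()

        # Rule 1: cmd.exe starts a file with a non-.exe extension (here .com)
        # from a user-writable directory.
        if (parent_name == "cmd.exe" and USER_PROFILE.search(e.image)
                and not name.endswith(".exe")):
            findings.append((e.pid, "unusual-extension-from-user-dir", name))

        # Rule 2: a browser is launched with a fresh profile under %TEMP% and
        # told to open a loopback URL (the chrome.exe 2148 launch in the report).
        if (name in BROWSERS and "--user-data-dir=" in cmd
                and TEMP_DIR.search(cmd) and LOOPBACK_URL.search(cmd)):
            findings.append((e.pid, "browser-temp-profile-loopback-url", parent_name))

        # Rule 3: a cmd.exe instance whose children include both tasklist.exe
        # and findstr.exe, the process-enumeration pattern seen under PID 7412.
        if name == "cmd.exe":
            kids = {image_name(c.image) for c in children.get(e.pid, [])}
            if ENUM_TOOLS <= kids:
                findings.append((e.pid, "tasklist-findstr-enumeration", ",".join(sorted(kids))))
    return findings


# Constructed event set (see module docstring for what is assumed).
SAMPLE_EVENTS = [
    ProcEvent(4000, 1, r"C:\Windows\explorer.exe", ""),                          # assumed
    ProcEvent(7368, 4000, r"C:\Users\admin\Desktop\dm-Setup-v.exe", ""),         # path assumed
    ProcEvent(7412, 7368, r"C:\Windows\System32\cmd.exe", ""),
    ProcEvent(7500, 7412, r"C:\Windows\System32\tasklist.exe", ""),             # PID assumed
    ProcEvent(7508, 7412, r"C:\Windows\System32\findstr.exe", ""),              # PID assumed
    ProcEvent(7752, 7412, r"C:\Users\admin\AppData\Local\Temp\Italian.com", ""),  # path assumed
    ProcEvent(5344, 4000, r"C:\Users\admin\AppData\Local\Temp\OOBE-Maintenance.exe", ""),  # path assumed
    ProcEvent(2148, 5344, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'--user-data-dir="C:\Users\admin\AppData\Local\Temp\chrAE4E.tmp" '
              r'--explicitly-allowed-ports=8000 --disable-gpu '
              r'--new-window "http://127.0.0.1:8000/763adbe0/03a0677f"'),
    ProcEvent(720, 2148, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility'),
]


def rules_hit(events=SAMPLE_EVENTS):
    """Set of rule names that fired, for quick comparison."""
    return {rule for _, rule, _ in triage(events)}


if __name__ == "__main__":
    for pid, rule, detail in triage(SAMPLE_EVENTS):
        print(f"PID {pid}: {rule} ({detail})")
```

Rule 2 is the one worth tuning for production: a legitimate browser restart never combines a profile directory under %TEMP% with a loopback URL, so the false-positive rate is low, whereas Rule 3 will also match administrative batch files and should be paired with a parent-process or signer check.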
Total events
12 737
Read events
12 712
Write events
24
Delete events
1

Modification events

(PID) Process: (7368) dm-Setup-v.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (7368) dm-Setup-v.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (7368) dm-Setup-v.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (7368) dm-Setup-v.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (8068) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (2148) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2148) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (2148) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (2148) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (2148) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
Operation: delete key
Name: (default)
Value: (empty)
Executable files
7
Suspicious files
245
Text files
74
Unknown types
4

Dropped files

PID | Process | Filename | Type

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\See.mp4 | binary
MD5: 02E073F5C813870BB621034047FF056B
SHA256: 1E834D02CCD42AD1410737A820FB3633F03FFC43B1F66330A5C7202A2AC9D7D3

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Ink.mp4 | binary
MD5: C8BF89B9627D20B18A43A497AC28A91C
SHA256: 0B02B422A7CE8921A3D423A08D3FC6F0A740424F4B00D4C91900E51D0C528A1F

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Leisure.mp4 | binary
MD5: CEAA500D0730FF6D22C45042709E5B84
SHA256: 6C0C0429FC9CED542A04A81A00878EB5F427620CDD0080E2511354F16FC356AD

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Victory.mp4 | binary
MD5: 125D153DF5996E1ED248E63923EC1BCE
SHA256: 8B1B6D01935AEE4213D29A466EA946A108B18AB4B1C0424C99142C3785C67C2F

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Hobbies.mp4 | binary
MD5: A4C438842938498FBC28788A4269CA3F
SHA256: D43642EB4E1261FA89F61188043CD2F5CE8462D6B62FDB9CC2796E8D299322A9

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Responsible.mp4 | binary
MD5: 785F9D780C50E5CCED91045B14339558
SHA256: 174A51DA1E57D0438967C2CA8DC26EA317605B301E17634F11C4CD4EF07E0457

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Denied.mp4 | binary
MD5: 18F8DE43658887943EF5C1718904DF0A
SHA256: FF76FE08EEAC6754BFC8BD291C4C3730ECF803F379E06F89278155EE820C9D62

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Nsw.mp4 | binary
MD5: DDE5D19411A0E312B9BF538043373428
SHA256: C04011003580D47800C9788A164EE625FC2781552D7BB6CB73E040B619AA478C

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Contribution.mp4 | text
MD5: 612D1C69749577E55C0DE72DD23503F6
SHA256: 36A2C2FDF5C6331FAC7E96D34A61CC3B613A618B5F54E18A1C94FD2D047760DE

7368 | dm-Setup-v.exe | C:\Users\admin\AppData\Local\Temp\Estimate.mp4 | binary
MD5: 7AEF4F5592E3ED66958C0B7089AB878C
SHA256: 274ED111AD11E3E2C6627C2FD02C578729D35105B51531B7A6A55DAF3BBDD8A3
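The dropped-file list gives the first concrete anomaly a triager would act on: ten files written to %TEMP% with .mp4 names, typed binary or text rather than video. The check below is an added example for this page, not ANY.RUN code: it sniffs the leading bytes of a file to decide what it really is, flags a mismatch with the extension, and compares the SHA-256 against the hashes listed above. The file contents in SAMPLE_FILES are constructed (a minimal MZ header, a genuine ftyp box, a line of text, opaque bytes) and do not reproduce the real drops; only the hash set comes from the report.

```python
"""Extension/content mismatch and IOC hash check for dropped files.

Added example, not ANY.RUN code. KNOWN_BAD_SHA256 is copied from the dropped
files table above; the byte contents in SAMPLE_FILES are constructed and do
not reproduce the real files.
"""
import hashlib
import string

# SHA-256 values of the .mp4-named drops listed in this report.
KNOWN_BAD_SHA256 = {
    "1E834D02CCD42AD1410737A820FB3633F03FFC43B1F66330A5C7202A2AC9D7D3",  # See.mp4
    "0B02B422A7CE8921A3D423A08D3FC6F0A740424F4B00D4C91900E51D0C528A1F",  # Ink.mp4
    "6C0C0429FC9CED542A04A81A00878EB5F427620CDD0080E2511354F16FC356AD",  # Leisure.mp4
    "8B1B6D01935AEE4213D29A466EA946A108B18AB4B1C0424C99142C3785C67C2F",  # Victory.mp4
    "D43642EB4E1261FA89F61188043CD2F5CE8462D6B62FDB9CC2796E8D299322A9",  # Hobbies.mp4
    "174A51DA1E57D0438967C2CA8DC26EA317605B301E17634F11C4CD4EF07E0457",  # Responsible.mp4
    "FF76FE08EEAC6754BFC8BD291C4C3730ECF803F379E06F89278155EE820C9D62",  # Denied.mp4
    "C04011003580D47800C9788A164EE625FC2781552D7BB6CB73E040B619AA478C",  # Nsw.mp4
    "36A2C2FDF5C6331FAC7E96D34A61CC3B613A618B5F54E18A1C94FD2D047760DE",  # Contribution.mp4
    "274ED111AD11E3E2C6627C2FD02C578729D35105B51531B7A6A55DAF3BBDD8A3",  # Estimate.mp4
}

# What content each extension is expected to carry.
EXPECTED_TYPE = {".mp4": "mp4", ".exe": "pe", ".dll": "pe", ".txt": "text", ".bat": "text"}
TEXT_BYTES = set(bytes(string.printable, "ascii"))


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes: pe, mp4, text or binary."""
    if data[:2] == b"MZ":
        return "pe"
    if len(data) >= 12 and data[4:8] == b"ftyp":      # ISO BMFF / MP4 file-type box
        return "mp4"
    if data and all(b in TEXT_BYTES for b in data):
        return "text"
    return "binary"


def check_file(name: str, data: bytes) -> dict:
    """Report the sniffed type, whether it contradicts the extension, and IOC status."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    sniffed = sniff(data)
    expected = EXPECTED_TYPE.get(ext)
    digest = hashlib.sha256(data).hexdigest().upper()
    return {
        "name": name,
        "type": sniffed,
        "mismatch": expected is not None and sniffed != expected,
        "known_bad": digest in KNOWN_BAD_SHA256,
        "sha256": digest,
    }


def is_known_bad(sha256_hex: str) -> bool:
    """True if the hash appears in the report's dropped-file list."""
    return sha256_hex.upper() in KNOWN_BAD_SHA256


# Constructed contents standing in for the report's drops (not the real bytes).
SAMPLE_FILES = {
    "See.mp4": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",            # PE header stub
    "Contribution.mp4": b"this is a placeholder text file\r\n",           # plain text
    "Sample_video.mp4": b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2",  # real MP4 start
    "Nsw.mp4": bytes(range(256)),                                         # opaque binary
}


def scan(files=SAMPLE_FILES):
    """Run check_file over a {name: bytes} mapping; flagged entries first."""
    results = [check_file(n, d) for n, d in files.items()]
    return sorted(results, key=lambda r: not (r["mismatch"] or r["known_bad"]))


if __name__ == "__main__":
    for r in scan():
        flag = "FLAG" if r["mismatch"] or r["known_bad"] else "ok  "
        print(f"{flag} {r['name']:18} {r['type']:7} {r['sha256'][:16]}...")
```

The hash comparison catches this exact sample; the extension check is what survives a rebuild, since an installer that writes a PE or a batch script under a media-file name will trip it regardless of the bytes it ships.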
HTTP(S) requests
7
TCP/UDP connections
53
DNS requests
55
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
- | - | GET | 200 | 23.32.238.34:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
720 | chrome.exe | GET | 302 | 142.250.185.238:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | unknown | whitelisted
7940 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7940 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 23.32.238.34:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
7940 | SIHClient.exe | 4.175.87.197:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7940 | SIHClient.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
7940 | SIHClient.exe | 20.242.39.171:443 | fe3cr.delivery.mp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.32.238.34
  • 2.19.198.194
whitelisted
www.microsoft.com
  • 2.16.253.202
whitelisted
google.com
  • 142.250.181.238
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
XOfgKIsYbBDuJyqmmItAXGibuqJX.XOfgKIsYbBDuJyqmmItAXGibuqJX
unknown
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
x.ns.gin.ntt.net
  • 129.250.35.250
whitelisted
ts1.aco.net
  • 193.171.23.163
unknown

Threats

No threats detected
No debug info