File name:

HiddenFileFinder.zip

Full analysis: https://app.any.run/tasks/33fa753d-ca7b-4e52-94d1-b867dbd11a8c
Verdict: Malicious activity
Analysis date: January 15, 2025, 09:27:41
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
arch-html
advancedinstaller
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

5FFC3D75C34120DFFFE97875097FE84A

SHA1:

97B18F8B8D4EA532DFBEC9D49AD6FD936D561667

SHA256:

C81DFFCF7B0B2E9A434D26741BE24F262F7F980781ED9650E0350098460DEDAC

SSDEEP:

98304:f8EpDdudL977LZHlkxjyb3PGs0gbf/bpdYoW5oYDsPPuEc4j77spp+zvbW7lPH21:63aY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6212)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6212)
      • MSIB4B4.tmp (PID: 5308)
      • Setup_HiddenFileFinder.exe (PID: 6408)

    • ADVANCEDINSTALLER mutex has been found

      • Setup_HiddenFileFinder.exe (PID: 6408)

    • Process drops legitimate windows executable

      • Setup_HiddenFileFinder.exe (PID: 6408)

    • Executable content was dropped or overwritten

      • Setup_HiddenFileFinder.exe (PID: 6408)
      • Setup_HiddenFileFinder.exe (PID: 6364)

    • Reads the Windows owner or organization settings

      • Setup_HiddenFileFinder.exe (PID: 6408)

    • Application launched itself

      • Setup_HiddenFileFinder.exe (PID: 6408)

    • Starts application with an unusual extension

      • Setup_HiddenFileFinder.exe (PID: 6408)

    • Creates file in the systems drive root

      • HiddenFileFinder.exe (PID: 4944)

  • INFO

    • The process uses the downloaded file

      • WinRAR.exe (PID: 6212)

    • Checks supported languages

      • Setup_HiddenFileFinder.exe (PID: 6408)
      • msiexec.exe (PID: 6472)
      • msiexec.exe (PID: 6556)
      • Setup_HiddenFileFinder.exe (PID: 6364)
      • identity_helper.exe (PID: 8184)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6212)
      • msiexec.exe (PID: 6472)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 6212)
      • Setup_HiddenFileFinder.exe (PID: 6408)
      • msiexec.exe (PID: 6472)
      • Setup_HiddenFileFinder.exe (PID: 6364)

    • Reads the computer name

      • Setup_HiddenFileFinder.exe (PID: 6408)
      • msiexec.exe (PID: 6472)
      • msiexec.exe (PID: 6556)
      • MSIB4B4.tmp (PID: 5308)
      • identity_helper.exe (PID: 8184)

    • Create files in a temporary directory

      • Setup_HiddenFileFinder.exe (PID: 6408)

    • Reads Environment values

      • Setup_HiddenFileFinder.exe (PID: 6408)
      • msiexec.exe (PID: 1064)
      • identity_helper.exe (PID: 8184)

    • Creates files or folders in the user directory

      • Setup_HiddenFileFinder.exe (PID: 6408)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 6472)

    • Application launched itself

      • msedge.exe (PID: 6708)
      • msedge.exe (PID: 4624)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2019:10:18 17:55:12
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: HiddenFileFinder/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
195
Monitored processes
62
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe setup_hiddenfilefinder.exe msiexec.exe msiexec.exe no specs setup_hiddenfilefinder.exe msiexec.exe no specs msib4b3.tmp no specs msib4b4.tmp no specs hiddenfilefinder.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
188"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5580 --field-trial-handle=2468,i,3134817746408713973,5465156261597957467,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
732"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=2304,i,18203235958313427151,13141059151596499272,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1064C:\Windows\syswow64\MsiExec.exe -Embedding 214764C002EA41268213C384B85AEDF7C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1144"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6976 --field-trial-handle=2468,i,3134817746408713973,5465156261597957467,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2136"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\SecurityXploded\Hidden File Finder\Readme.htmlC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMSIB4B3.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2744"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3724 --field-trial-handle=2468,i,3134817746408713973,5465156261597957467,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2796"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5396 --field-trial-handle=2468,i,3134817746408713973,5465156261597957467,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2804"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4900 --field-trial-handle=2304,i,18203235958313427151,13141059151596499272,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2940"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=2468,i,3134817746408713973,5465156261597957467,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3724"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5068 --field-trial-handle=2304,i,18203235958313427151,13141059151596499272,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
12 124
Read events
11 965
Write events
151
Delete events
8

Modification events

(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\HiddenFileFinder.zip
(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6212) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6472) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
481900006EEBE6C32F67DB01
(PID) Process:(6472) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
43DA8C44AA68C8AD5EA60D44B18DE05164798C135BF34BCEC544914289FDB749
Executable files
38
Suspicious files
330
Text files
139
Unknown types
6

Dropped files

PID
Process
Filename
Type
6408Setup_HiddenFileFinder.exeC:\Users\admin\AppData\Roaming\SecurityXploded\Hidden File Finder 8.0\install\decoder.dllexecutable
MD5:0C10D4D32C009BE36AF2E69BEA8F9918
SHA256:AB3C89B9C8E4DBCA133A42CCAAADEA3C338E837AAF490749B379AFF0C4E41CCB
6408Setup_HiddenFileFinder.exeC:\Users\admin\AppData\Roaming\SecurityXploded\Hidden File Finder 8.0\install\8687F31\HiddenFileFinder.msiexecutable
MD5:6CF03697A0E61361D8AEA03EB9115E5D
SHA256:B1FE5EEED33A6467B11622FB2EDEA60FF9DC210E6F1F50139296AA269EB83974
6212WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6212.8501\HiddenFileFinder\Get Enterprise Softwares.htmlhtml
MD5:B8BB577506DCA9F4FFEBD14F403D3E62
SHA256:235A585DD12E3D668604F1B41538B48F02419DECD35D07A57ACB478B965E93FA
6212WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6212.8501\HiddenFileFinder\Readme.htmlhtml
MD5:1AA5E6F0738EE0E0DECCE062969BC8B4
SHA256:CB32382ECFDC39029BC87667B1565250C4012A1EF1FB258FF9C42D1143022FBF
6212WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6212.8501\HiddenFileFinder\SecurityXploded_License.pdfpdf
MD5:DE0EEDA3116AAB937ACD68E9640A95FA
SHA256:F53AD2FDDB3DBEC45CC23C320CC1367A66D0A479F4C29E0D6EAE94748348FBD7
6408Setup_HiddenFileFinder.exeC:\Users\admin\AppData\Roaming\SecurityXploded\Hidden File Finder 8.0\install\8687F31\HiddenFileFinder.aiuiexecutable
MD5:65F574198DE5089EFE8D7EFBD999AE27
SHA256:45E8F107B66E6B31F77720E46A66E5E80C92A7E6244DBB33636ACF7285C2A674
6408Setup_HiddenFileFinder.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_6408\installer_minbackground.jpgimage
MD5:4803AF8D5739D1983939214F3F1DE420
SHA256:A943EDF18CB701EDD53E42CBE13D6E70111897874F11DD7FE505262482BB1CBE
6408Setup_HiddenFileFinder.exeC:\Users\admin\AppData\Local\Temp\shi75CF.tmpexecutable
MD5:CE85F5D941EBCA72DA2A55835B303EB9
SHA256:6CF60B8101CBB475F3803E18617172CC180AFA4BC0CA8CA261C2AB6ED1C93EA1
6408Setup_HiddenFileFinder.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_6408\installer_background.jpgimage
MD5:5B34E845DC4D57F5CC4DAA0492980D19
SHA256:27B89E45BBC31A069FE577D504C3045A6035CDEA0DEE36F1240E0663F246B528
6408Setup_HiddenFileFinder.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_6408\installlogoiconimage
MD5:2D030BB775A8D74CC5D39910601FA7D6
SHA256:FA387D12AEF97734A3B8A079B462447FB977ABEEF5987D5EE5B4217F1057CC2D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
83
DNS requests
84
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
488
svchost.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7676
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6784
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
440
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1737478799&P2=404&P3=2&P4=H4JUiFG4NvNPJ1dr2hN26TPLbwlqvTwtRTOdtAQlTCC0bdkSOfNTNLF5FQu5KXbbXTMua%2fQSssM3GODtMrf2fQ%3d%3d
unknown
whitelisted
7676
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
440
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1737478799&P2=404&P3=2&P4=H4JUiFG4NvNPJ1dr2hN26TPLbwlqvTwtRTOdtAQlTCC0bdkSOfNTNLF5FQu5KXbbXTMua%2fQSssM3GODtMrf2fQ%3d%3d
unknown
whitelisted
440
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1737478799&P2=404&P3=2&P4=H4JUiFG4NvNPJ1dr2hN26TPLbwlqvTwtRTOdtAQlTCC0bdkSOfNTNLF5FQu5KXbbXTMua%2fQSssM3GODtMrf2fQ%3d%3d
unknown
whitelisted
440
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1737478799&P2=404&P3=2&P4=H4JUiFG4NvNPJ1dr2hN26TPLbwlqvTwtRTOdtAQlTCC0bdkSOfNTNLF5FQu5KXbbXTMua%2fQSssM3GODtMrf2fQ%3d%3d
unknown
whitelisted
440
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1737478799&P2=404&P3=2&P4=H4JUiFG4NvNPJ1dr2hN26TPLbwlqvTwtRTOdtAQlTCC0bdkSOfNTNLF5FQu5KXbbXTMua%2fQSssM3GODtMrf2fQ%3d%3d
unknown
whitelisted
440
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1737478799&P2=404&P3=2&P4=H4JUiFG4NvNPJ1dr2hN26TPLbwlqvTwtRTOdtAQlTCC0bdkSOfNTNLF5FQu5KXbbXTMua%2fQSssM3GODtMrf2fQ%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
488
svchost.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6016
RUXIMICS.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
488
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
488
svchost.exe
2.16.164.9:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
488
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
488
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.227.208:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.46
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 2.23.181.156
whitelisted
www.bing.com
  • 2.23.227.208
  • 2.23.227.198
  • 2.23.227.219
  • 2.23.227.203
  • 2.23.227.221
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 2.17.190.73
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.68
  • 20.190.159.73
  • 40.126.31.67
  • 40.126.31.69
  • 40.126.31.73
  • 20.190.159.2
  • 20.190.159.64
whitelisted
go.microsoft.com
  • 2.23.242.9
  • 23.218.210.69
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted

Threats

PID
Process
Class
Message
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
6652
msedge.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
HiddenFileFinder.zip