File name: sidify-music-converter.exe
Full analysis: https://app.any.run/tasks/3ba85fe3-efb5-4874-9a0e-ee7809279cf0
Verdict: Malicious activity
Analysis date: January 02, 2025, 18:56:45
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: B90B6174637B9F21C631CACBB9897014
SHA1: ED687D22A4A28BCF85FC945D945B27E854B8E61E
SHA256: C95E10E9EB73FF7909E3145441171BBEA75CCC8179B8A13515E47D51DC077AA2
SSDEEP: 98304:8J8sq5uCNF4I9tX/UtrbwI+3r8mEIFETc3hKilkmeGLELGne/LfwJBbzWgSo6PTW:8asl+jqu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • sidify-music-converter.exe (PID: 6532)
    • Executable content was dropped or overwritten
      • sidify-music-converter.exe (PID: 6532)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6564)
    • Starts a Microsoft application from unusual location
      • MicrosoftEdgeWebview2Setup.exe (PID: 6564)
    • Process drops legitimate windows executable
      • sidify-music-converter.exe (PID: 6532)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6564)
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Reads security settings of Internet Explorer
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Disables SEHOP
      • MicrosoftEdgeUpdate.exe (PID: 6640)
  • INFO
    • The sample compiled with english language support
      • sidify-music-converter.exe (PID: 6532)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6564)
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Checks supported languages
      • MicrosoftEdgeWebview2Setup.exe (PID: 6564)
      • sidify-music-converter.exe (PID: 6532)
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Reads the computer name
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Creates files in the program directory
      • MicrosoftEdgeWebview2Setup.exe (PID: 6564)
    • Reads the software policy settings
      • MicrosoftEdgeUpdate.exe (PID: 6640)
      • wermgr.exe (PID: 5792)
    • Reads Environment values
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Checks proxy server information
      • wermgr.exe (PID: 5792)
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Process checks computer location settings
      • MicrosoftEdgeUpdate.exe (PID: 6640)
    • Manual execution by a user
      • chrome.exe (PID: 1760)
    • Application launched itself
      • chrome.exe (PID: 1760)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF (EXE)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.1.0
ProductVersionNumber: 1.0.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: sidify
FileDescription: Sidify Music Converter Installer
ProductName: Sidify Music Converter Installer
All screenshots are available in the full report
Total processes: 144
Monitored processes: 16
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Process nodes (in graph order): sidify-music-converter.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe, rundll32.exe (no specs), chrome.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe, chrome.exe (no specs) x6, sidify-music-converter.exe (no specs)

Process information

PID 432 | Parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1936,i,17537724066641414739,7476257599518813914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 122.0.6261.70
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll

PID 1328 | Parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3156 --field-trial-handle=1936,i,17537724066641414739,7476257599518813914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 122.0.6261.70
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll

PID 1760 | Parent process: explorer.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 122.0.6261.70
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll

PID 3172 | Parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff82135dc40,0x7ff82135dc4c,0x7ff82135dc58
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 122.0.6261.70
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll

PID 4444 | Parent process: svchost.exe
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\rundll32.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\shcore.dll
  c:\windows\system32\imagehlp.dll

PID 5732 | Parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1936,i,17537724066641414739,7476257599518813914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 122.0.6261.70
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll

PID 5792 | Parent process: MicrosoftEdgeUpdate.exe
CMD: "C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "6640" "2108" "2168" "2208" "0" "0" "0" "0" "0" "0" "0" "0"
Path: C:\Windows\SysWOW64\wermgr.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
  c:\windows\syswow64\wermgr.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\msvcrt.dll

PID 6300 | Parent process: explorer.exe
CMD: "C:\Users\admin\Desktop\sidify-music-converter.exe"
Path: C:\Users\admin\Desktop\sidify-music-converter.exe
User: admin
Company: sidify
Integrity Level: MEDIUM
Description: Sidify Music Converter Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch was refused because the image demands elevation; PID 6532 below is the same image relaunched at high integrity)
Modules (images):
  c:\users\admin\desktop\sidify-music-converter.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll

PID 6532 | Parent process: explorer.exe
CMD: "C:\Users\admin\Desktop\sidify-music-converter.exe"
Path: C:\Users\admin\Desktop\sidify-music-converter.exe
User: admin
Company: sidify
Integrity Level: HIGH
Description: Sidify Music Converter Installer
Exit code: 2
Modules (images):
  c:\users\admin\desktop\sidify-music-converter.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\advapi32.dll

PID 6564 | Parent process: sidify-music-converter.exe
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update Setup
Exit code: 2147747592 (0x80040708, an HRESULT in FACILITY_ITF, i.e. a code defined by the updater itself rather than by Windows)
Version: 1.3.193.5
Modules (images):
  c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\advapi32.dll
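
The process table above carries two signals worth automating. The first SUSPICIOUS hit in the report, "System.dll" in Temp, is the NSIS System plug-in that every Nullsoft installer extracts (the file header already identifies the sample as a Nullsoft self-extracting archive), so it does not by itself separate this installer from a benign one. What does discriminate is (a) a Microsoft-attributed image launched from a user-writable Temp directory and (b) the exit-code chain: PID 6300 at MEDIUM integrity died with 0xC000042C (STATUS_ELEVATION_REQUIRED) and the same image reappears as PID 6532 at HIGH integrity, the footprint of an installer that demands administrator rights through the UAC prompt. The script below is an added example, not part of the ANY.RUN report: its PROCESSES list is constructed from the table above, the exit-code split follows the standard NTSTATUS/HRESULT bit layouts, and because the report gives no start times it uses PID order as a stand-in for "later".

```python
"""Triage helpers for a sandbox process table (added example, not ANY.RUN code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    pid: int
    path: str
    company: str       # version-resource CompanyName as the report prints it
    integrity: str     # LOW / MEDIUM / HIGH
    parent: str
    exit_code: Optional[int]   # None = not reported (still running)


# Constructed from the report's "Process information" table.
PROCESSES = [
    Proc(6300, r"C:\Users\admin\Desktop\sidify-music-converter.exe", "sidify", "MEDIUM", "explorer.exe", 3221226540),
    Proc(6532, r"C:\Users\admin\Desktop\sidify-music-converter.exe", "sidify", "HIGH", "explorer.exe", 2),
    Proc(6564, r"C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe", "Microsoft Corporation", "HIGH", "sidify-music-converter.exe", 2147747592),
    Proc(5792, r"C:\Windows\SysWOW64\wermgr.exe", "Microsoft Corporation", "HIGH", "MicrosoftEdgeUpdate.exe", 0),
    Proc(4444, r"C:\Windows\System32\rundll32.exe", "Microsoft Corporation", "MEDIUM", "svchost.exe", 0),
    Proc(1760, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "Google LLC", "MEDIUM", "explorer.exe", None),
]

# Only the name this example is certain of; every other code is described by layout alone.
KNOWN_CODES = {0xC000042C: "STATUS_ELEVATION_REQUIRED"}

# Directory fragments a non-admin user can write to (lower-case, no trailing backslash).
USER_WRITABLE = (r"\appdata\local", r"\appdata\roaming", r"\users\public", r"\programdata", r"\downloads", r"\desktop")


def decode_exit_code(code: int) -> dict:
    """Split a 32-bit exit code into NTSTATUS or HRESULT fields."""
    code &= 0xFFFFFFFF
    info = {"hex": f"0x{code:08X}", "name": KNOWN_CODES.get(code)}
    if code >> 30 == 0b11:           # NTSTATUS, severity = error (0xC.......)
        info.update(kind="NTSTATUS", facility=(code >> 16) & 0x0FFF, code=code & 0xFFFF)
    elif code >> 31:                 # HRESULT with the failure bit set (0x8.......)
        info.update(kind="HRESULT", facility=(code >> 16) & 0x07FF, code=code & 0xFFFF)
    else:                            # ordinary small exit status
        info.update(kind="plain", facility=None, code=code)
    return info


def microsoft_images_in_user_writable_paths(procs) -> list:
    """Report's 'Starts a Microsoft application from unusual location' as a rule.
    CompanyName comes from the version resource and is attacker-controlled, so a
    hit means 'verify the Authenticode signature', not 'trust it'."""
    return [p.pid for p in procs
            if p.company == "Microsoft Corporation"
            and any(frag in p.path.lower() for frag in USER_WRITABLE)]


def elevation_relaunches(procs) -> list:
    """Pair a MEDIUM instance that exited STATUS_ELEVATION_REQUIRED with a later
    HIGH instance of the same image (PID order stands in for time here)."""
    pairs = []
    for first in procs:
        if first.integrity != "MEDIUM" or first.exit_code is None:
            continue
        if first.exit_code & 0xFFFFFFFF != 0xC000042C:
            continue
        for second in procs:
            if second.pid > first.pid and second.path == first.path and second.integrity == "HIGH":
                pairs.append((first.pid, second.pid))
    return pairs


if __name__ == "__main__":
    for p in PROCESSES:
        if p.exit_code is not None:
            print(p.pid, decode_exit_code(p.exit_code))
    print("Microsoft image from user-writable path:", microsoft_images_in_user_writable_paths(PROCESSES))
    print("UAC relaunch pairs (medium -> high):", elevation_relaunches(PROCESSES))
```

On this report the path rule fires only for PID 6564 and the relaunch rule pairs 6300 with 6532; the rundll32.exe and wermgr.exe entries, which also carry a Microsoft CompanyName, stay quiet because they run from System32/SysWOW64.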
Total events: 6,426
Read events: 6,387
Write events: 37
Delete events: 2

Modification events

PID 6640 MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe
Operation: write
Name: DisableExceptionChainValidation
Value: 0 (a value of 0 keeps SEHOP enabled for this image; 1 would disable it)

PID 6640 MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{1413F519-6E6F-4A3F-A1DB-E7192CCC9638}
Operation: write
Name: PersistedPingString
Value:
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.193.5" shell_version="1.3.147.37" ismachine="1" sessionid="{7894E69F-D10B-4B89-A5BE-C31D7C088D34}" userid="{FD984739-A122-4DB0-BE5B-46E3E09D84E4}" installsource="otherinstallcmd" requestid="{1413F519-6E6F-4A3F-A1DB-E7192CCC9638}" dedup="cr" domainjoined="0"><hw logical_cpus="4" physmemory="4" disk_type="2" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="10.0.19045.4046" sp="" arch="x64" product_type="48" is_wip="0" is_in_lockdown_mode="0"/><oem product_manufacturer="DELL" product_name="DELL"/><exp etag="&quot;r452t1+k2Tgq/HXzjvFNBRhopBWR9sbjXxqeUDH9uX0=&quot;"/><app appid="{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}" version="1.3.185.17" nextversion="1.3.193.5" lang="" brand="" client=""><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" system_uptime_ticks="12700928847" install_time_ms="609"/></app></request>

PID 6640 MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{1413F519-6E6F-4A3F-A1DB-E7192CCC9638}
Operation: write
Name: PersistedPingTime
Value: 133803178138976398 (FILETIME; 2025-01-02 18:56:53 UTC)

PID 6640 MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\proxy
Operation: write
Name: source
Value: auto

PID 6640 MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{1413F519-6E6F-4A3F-A1DB-E7192CCC9638}
Operation: delete key
Name: (default)
Value: (none)

PID 6640 MicrosoftEdgeUpdate.exe
Key: \REGISTRY\A\{3178732a-9d04-2df2-a788-641641a4364c}\Root\InventoryApplicationFile
Operation: write
Name: WritePermissionsCheck
Value: 1

PID 6640 MicrosoftEdgeUpdate.exe
Key: \REGISTRY\A\{3178732a-9d04-2df2-a788-641641a4364c}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation: delete key
Name: (default)
Value: (none)

PID 5792 wermgr.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: ClockTimeSeconds
Value: 88E1766700000000 (little-endian QWORD 0x6776E188 = 1735844232 = 2025-01-02 18:57:12 UTC)

PID 5792 wermgr.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: TickCount
Value: 0BA8130000000000 (little-endian QWORD = 1288203)

PID 6640 MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\UsageStats\Daily\Timings
Operation: write
Name: setup_lock_acquire_ms
Value: 0300000000000000000000000000000000000000000000000000000000000000
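
Three of the writes above need decoding before they mean anything to a reviewer: the IFEO DisableExceptionChainValidation flag (which the report's "Disables SEHOP" signature fires on whatever the data, although 0 enables SEHOP for that image and 1 disables it), the Omaha PersistedPingString, which is an XML event ping recording which app was updated from which version with what result, and two timestamps stored as a FILETIME and as a raw little-endian REG_QWORD. The script below is an added example, not part of the ANY.RUN report; the key paths, value names and data are copied from the event list above, while the interpretation rules are standard Windows and Omaha encodings rather than anything the report states.

```python
"""Interpret the registry writes listed under "Modification events" (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
FILETIME_EPOCH_DELTA = 116444736000000000   # 100 ns ticks between 1601-01-01 and 1970-01-01

# PersistedPingString written by MicrosoftEdgeUpdate.exe (PID 6640), verbatim from the report.
PING_XML = """<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.193.5" shell_version="1.3.147.37" ismachine="1" sessionid="{7894E69F-D10B-4B89-A5BE-C31D7C088D34}" userid="{FD984739-A122-4DB0-BE5B-46E3E09D84E4}" installsource="otherinstallcmd" requestid="{1413F519-6E6F-4A3F-A1DB-E7192CCC9638}" dedup="cr" domainjoined="0"><hw logical_cpus="4" physmemory="4" disk_type="2" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="10.0.19045.4046" sp="" arch="x64" product_type="48" is_wip="0" is_in_lockdown_mode="0"/><oem product_manufacturer="DELL" product_name="DELL"/><exp etag="&quot;r452t1+k2Tgq/HXzjvFNBRhopBWR9sbjXxqeUDH9uX0=&quot;"/><app appid="{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}" version="1.3.185.17" nextversion="1.3.193.5" lang="" brand="" client=""><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" system_uptime_ticks="12700928847" install_time_ms="609"/></app></request>"""

PINGS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{1413F519-6E6F-4A3F-A1DB-E7192CCC9638}"

# (key, value name, data) triples copied from the report's event list.
EVENTS = [
    (IFEO + r"\MicrosoftEdgeUpdate.exe", "DisableExceptionChainValidation", "0"),
    (PINGS_KEY, "PersistedPingString", PING_XML),
    (PINGS_KEY, "PersistedPingTime", "133803178138976398"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData", "ClockTimeSeconds", "88E1766700000000"),
]


def sehop_state(value) -> str:
    """IFEO DisableExceptionChainValidation: 0 = SEHOP enabled for the image, 1 = disabled."""
    return {"0": "enabled", "1": "disabled"}.get(str(value), "unknown")


def filetime_to_utc(ticks: int) -> datetime:
    """Windows FILETIME (100 ns since 1601-01-01) to an aware UTC datetime, whole seconds."""
    return datetime.fromtimestamp((ticks - FILETIME_EPOCH_DELTA) // 10_000_000, tz=timezone.utc)


def le_qword_hex(hexstr: str) -> int:
    """The sandbox prints REG_QWORD data as its raw little-endian bytes in hex."""
    return int.from_bytes(bytes.fromhex(hexstr), "little")


def parse_omaha_ping(xml_text: str) -> dict:
    """Pull the triage-relevant fields out of an Omaha/EdgeUpdate event ping."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    os_el = root.find("os")
    out = {
        "updater": root.get("updater"),
        "updater_version": root.get("updaterversion"),
        "install_source": root.get("installsource"),
        "is_machine": root.get("ismachine") == "1",
        "os": f"{os_el.get('platform')} {os_el.get('version')} {os_el.get('arch')}",
        "apps": [],
    }
    for app in root.findall("app"):
        events = [{"type": int(e.get("eventtype")), "result": int(e.get("eventresult")),
                   "errorcode": int(e.get("errorcode"))} for e in app.findall("event")]
        out["apps"].append({"appid": app.get("appid"), "version": app.get("version"),
                            "nextversion": app.get("nextversion"), "events": events})
    return out


def explain(events) -> list:
    """One human-readable line per registry write."""
    lines = []
    for key, name, data in events:
        if key.startswith(IFEO) and name == "DisableExceptionChainValidation":
            image = key.rsplit("\\", 1)[-1]
            lines.append(f"IFEO {image}: SEHOP {sehop_state(data)}")
        elif name == "PersistedPingString":
            ping = parse_omaha_ping(data)
            for app in ping["apps"]:
                lines.append(f"{ping['updater']} {ping['updater_version']} ping: app {app['appid']} "
                             f"{app['version']} -> {app['nextversion']}, events={app['events']}")
        elif name == "PersistedPingTime":
            lines.append(f"ping time: {filetime_to_utc(int(data)).isoformat()}")
        elif name == "ClockTimeSeconds":
            lines.append(f"IdentityCRL clock: {datetime.fromtimestamp(le_qword_hex(data), tz=timezone.utc).isoformat()}")
        else:
            lines.append(f"unclassified: {key} / {name}")
    return lines


if __name__ == "__main__":
    print("\n".join(explain(EVENTS)))
```

Both decoded clocks land within a minute of the report's analysis time, which is the quick sanity check that the sandbox guest was not time-shifted; the ping records the updater moving app {F3C4FE00-EFD5-403B-9569-398A20F1BA4A} from 1.3.185.17 to 1.3.193.5 with eventresult 1 and errorcode 0.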
Executable files: 203
Suspicious files: 11
Text files: 21
Unknown types: 4

Dropped files

All listed files were written by PID 6564 MicrosoftEdgeWebview2Setup.exe:

C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\MicrosoftEdgeUpdate.exe (executable)
  MD5: 090901EBEFC233CC46D016AF98BE6D53
  SHA256: 7864BB95EB14E0AE1C249759CB44AD746E448007563B7430911755CF17EA5A77
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\MicrosoftEdgeUpdateBroker.exe (executable)
  MD5: 4E1BED27BAFAA6F0A9B6B6B1481A76AE
  SHA256: 868D178EF15F87DF290A4D06DBD7B72F3A1B6E0F2C680D67045AD6051C7DC1E6
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\psuser_64.dll (executable)
  MD5: A89808BFD9091ED531EA5F5C5C2FC232
  SHA256: D801F2ABD497EF3B03A32B1FA06B397C81CBA71BE7A5C6FBDB183D922E237924
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\psmachine_arm64.dll (executable)
  MD5: AFA578AACC3296B3C898951A0CECF31C
  SHA256: 55B84ED61D572BEA522CA45C4DFB485A6D05DD5FAF8E8844429008D77C0AAC73
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\MicrosoftEdgeComRegisterShellARM64.exe (executable)
  MD5: 5679308B2E276BD371798AC8D579B1F9
  SHA256: C9AEF2D24F1C77A366B327B869E4103ED8276EA83B2B40942718CC134A1E122F
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe (executable)
  MD5: 8428E306E866FE7972F05B6BE814C1CF
  SHA256: 855E2F2FAB4968261704CAB9BAE294FB7EC8B9C26E4D1708E29E26C454C7B0AF
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\psuser.dll (executable)
  MD5: 5FC9E2E9E7F2AE6BDF66915F317BF12B
  SHA256: 12E75D69EB62B55F5B7DFA6772BC37DC8F51BC036041C51AA3951E4444C87DC3
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\psmachine.dll (executable)
  MD5: 47842E28A3F011BC99A1898CC9A91AF6
  SHA256: 1B0C4CB716DDCCE5791854376D0BA90BBBD8111048647270F3827EDD1034914A
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\psuser_arm64.dll (executable)
  MD5: 3B226A2484899AFA6DE93A82D9FBCC4F
  SHA256: 6D64BDADFF5F3216753E737D4E19A09A00B19D80403172675041E903EA5C2DF4
C:\Program Files (x86)\Microsoft\Temp\EU5874.tmp\EdgeUpdate.dat (hiv)
  MD5: 369BBC37CFF290ADB8963DC5E518B9B8
  SHA256: 3D7EC761BEF1B1AF418B909F1C81CE577C769722957713FDAFBC8131B0A0C7D3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 38
DNS requests: 26
Threats: 0

HTTP requests

Fields per row: PID and process (where the report shows them), method, HTTP code, server IP:port, URL, country (CN), reputation. The Type and Size columns are empty in this view.

- PID not shown | GET 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | CN: unknown | whitelisted
- PID 5792 wermgr.exe | GET 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
- PID 6204 SIHClient.exe | GET 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | CN: unknown | whitelisted
- PID not shown | GET 200 | 23.48.23.193:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
- PID 1176 svchost.exe | GET 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | CN: unknown | whitelisted
- PID 6204 SIHClient.exe | GET 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | CN: unknown | whitelisted
- PID not shown | GET 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
- PID 5792 wermgr.exe | GET 200 | 23.48.23.173:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted

Connections

Fields per row: PID and process (where the report shows them), IP:port, domain, ASN, country (CN), reputation.

- PID 4 System | 192.168.100.255:137 | whitelisted
- PID 4712 MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- PID 3508 svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- PID not shown | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- PID 5064 SearchApp.exe | 104.126.37.178:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- PID not shown | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
- PID not shown | 23.48.23.193:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- PID not shown | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- PID 4 System | 192.168.100.255:138 | whitelisted
- PID 1076 svchost.exe | 23.218.210.69:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 20.73.194.208
  • 51.124.78.146
whitelisted
www.bing.com
  • 104.126.37.178
  • 104.126.37.186
  • 104.126.37.137
  • 104.126.37.171
  • 104.126.37.179
  • 104.126.37.130
  • 104.126.37.184
  • 104.126.37.146
  • 104.126.37.170
whitelisted
google.com
  • 142.250.185.110
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 23.48.23.193
  • 23.48.23.182
  • 23.48.23.186
  • 23.48.23.134
  • 23.48.23.191
  • 23.48.23.188
  • 23.48.23.184
  • 23.48.23.138
  • 23.48.23.190
  • 23.48.23.173
  • 23.48.23.150
  • 23.48.23.166
  • 23.48.23.177
  • 23.48.23.161
  • 23.48.23.156
  • 23.48.23.146
  • 23.48.23.176
  • 23.48.23.164
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
go.microsoft.com
  • 23.218.210.69
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.71
  • 20.190.159.23
  • 40.126.31.73
  • 20.190.159.75
  • 20.190.159.2
  • 20.190.159.4
  • 20.190.159.73
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted

Threats

No threats detected
No debug info