File name: Office_2024_ES_64Bits.exe

Full analysis: https://app.any.run/tasks/cf509be8-421f-4c87-8fb9-e72463939f5c
Verdict: Malicious activity
Analysis date: December 19, 2024, 02:50:31
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: maldoc-5
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 0BCBC7DBF952556A52DFCB2A01E7F40E
SHA1: 33A365AC96425FD4E98FD5F38289B9AF9C3B04D9
SHA256: CC0BC9DD9C76F19C1993E00CD80E23FA9710F564F395FDD11E207EC1B6717CB7
SSDEEP: 98304:RfLIQ/3you0LTVZOyCrFW+JdcIfrp41GzL6u4Ndl2etH7M5ozFhGW9rPhVGaiimC:PjaiqbNu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • setup.exe (PID: 6716)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 1076)
      • setup.exe (PID: 3736)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Office_2024_ES_64Bits.exe (PID: 6260)
    • Reads Internet Explorer settings

      • Office_2024_ES_64Bits.exe (PID: 6260)
      • Office_2024_ES_64Bits.exe (PID: 7044)
    • Starts CMD.EXE for commands execution

      • Office_2024_ES_64Bits.exe (PID: 6260)
      • Office_2024_ES_64Bits.exe (PID: 7044)
    • The executable file from the user directory is run by the CMD process

      • setup.exe (PID: 6716)
      • setup.exe (PID: 5712)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6716)
      • Office_2024_ES_64Bits.exe (PID: 6260)
      • setup.exe (PID: 7088)
      • Office_2024_ES_64Bits.exe (PID: 7044)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 3736)
      • setup.exe (PID: 1076)
    • Process drops legitimate windows executable

      • Office_2024_ES_64Bits.exe (PID: 6260)
      • msiexec.exe (PID: 4512)
    • Executing commands from a ".bat" file

      • Office_2024_ES_64Bits.exe (PID: 6260)
      • Office_2024_ES_64Bits.exe (PID: 7044)
    • Searches for installed software

      • setup.exe (PID: 7088)
      • setup.exe (PID: 2572)
    • Application launched itself

      • setup.exe (PID: 6716)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 3736)
    • Reads Microsoft Outlook installation path

      • Office_2024_ES_64Bits.exe (PID: 6260)
      • Office_2024_ES_64Bits.exe (PID: 7044)
    • Checks Windows Trust Settings

      • setup.exe (PID: 7088)
      • setup.exe (PID: 6716)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 1076)
      • setup.exe (PID: 3736)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 3560)
      • schtasks.exe (PID: 5912)
      • schtasks.exe (PID: 6308)
  • INFO

    • Checks proxy server information

      • Office_2024_ES_64Bits.exe (PID: 6260)
      • setup.exe (PID: 6716)
      • Office_2024_ES_64Bits.exe (PID: 7044)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 1076)
      • setup.exe (PID: 3736)
    • Checks supported languages

      • setup.exe (PID: 6716)
      • Office_2024_ES_64Bits.exe (PID: 6260)
      • setup.exe (PID: 7088)
      • Office_2024_ES_64Bits.exe (PID: 7044)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 3736)
      • setup.exe (PID: 1076)
      • msiexec.exe (PID: 4512)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6716)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 1076)
      • setup.exe (PID: 3736)
    • Process checks whether UAC notifications are on

      • setup.exe (PID: 6716)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 3736)
    • Reads the computer name

      • setup.exe (PID: 6716)
      • setup.exe (PID: 7088)
      • Office_2024_ES_64Bits.exe (PID: 6260)
      • Office_2024_ES_64Bits.exe (PID: 7044)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 3736)
      • setup.exe (PID: 1076)
      • msiexec.exe (PID: 4512)
    • The process uses the downloaded file

      • setup.exe (PID: 6716)
      • Office_2024_ES_64Bits.exe (PID: 6260)
      • setup.exe (PID: 7088)
      • Office_2024_ES_64Bits.exe (PID: 7044)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 3736)
    • Process checks computer location settings

      • Office_2024_ES_64Bits.exe (PID: 6260)
      • setup.exe (PID: 6716)
      • setup.exe (PID: 7088)
      • Office_2024_ES_64Bits.exe (PID: 7044)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 3736)
      • setup.exe (PID: 1076)
    • Reads the software policy settings

      • setup.exe (PID: 6716)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 1076)
      • setup.exe (PID: 3736)
    • Creates files or folders in the user directory

      • setup.exe (PID: 6716)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 3736)
    • Reads Microsoft Office registry keys

      • setup.exe (PID: 7088)
      • setup.exe (PID: 6716)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 3736)
      • setup.exe (PID: 1076)
    • Reads Environment values

      • setup.exe (PID: 7088)
      • setup.exe (PID: 6716)
      • setup.exe (PID: 5712)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 1076)
      • setup.exe (PID: 3736)
    • Create files in a temporary directory

      • setup.exe (PID: 6716)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 2572)
      • setup.exe (PID: 3736)
    • Manual execution by a user

      • Office_2024_ES_64Bits.exe (PID: 7044)
      • setup.exe (PID: 3736)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4512)
    • The sample compiled with English language support

      • msiexec.exe (PID: 4512)
    • Application launched itself

      • msiexec.exe (PID: 4512)
    • The sample compiled with German language support

      • msiexec.exe (PID: 4512)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:10:03 07:51:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 214528
InitializedDataSize: 263680
UninitializedDataSize: -
EntryPoint: 0x21d50
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 208
Monitored processes: 40
Malicious processes: 8
Suspicious processes: 3

Behavior graph

Graph nodes, in order from start: office_2024_es_64bits.exe; cmd.exe (no specs); conhost.exe (no specs); setup.exe; setup.exe; conhost.exe (no specs); rundll32.exe (no specs); office_2024_es_64bits.exe (no specs); cmd.exe (no specs); conhost.exe (no specs); setup.exe; setup.exe; conhost.exe (no specs); setup.exe; conhost.exe (no specs); setup.exe; conhost.exe (no specs); Delivery Optimization User (no specs); msiexec.exe; msiexec.exe (no specs); schtasks.exe (no specs); conhost.exe (no specs); schtasks.exe (no specs); conhost.exe (no specs); schtasks.exe (no specs); conhost.exe (no specs); schtasks.exe (no specs); conhost.exe (no specs); schtasks.exe (no specs); conhost.exe (no specs); schtasks.exe (no specs); conhost.exe (no specs); wevtutil.exe (no specs); conhost.exe (no specs); wevtutil.exe (no specs); conhost.exe (no specs); wevtutil.exe (no specs); conhost.exe (no specs); wevtutil.exe (no specs); conhost.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 440
CMD: C:\Windows\System32\MsiExec.exe -Embedding 12E3CDD56F1A04B2BF88275828FBBDC3 E Global\MSI0000
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1016
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1076
CMD: "C:\Users\admin\Downloads\package\setup.exe" ELEVATED sid=S-1-5-21-1693682860-607145093-2874071422-1001
Path: C:\Users\admin\Downloads\package\setup.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft 365 and Office
Exit code:
0
Version:
16.0.17531.20046
Modules
Images
c:\users\admin\downloads\package\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 1576
CMD: schtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates Logon" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml"
Path: C:\Windows\System32\schtasks.exe
Parent process: Integrator.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1888
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2120
CMD: schtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml"
Path: C:\Windows\System32\schtasks.exe
Parent process: Integrator.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2572
CMD: "C:\Users\admin\Downloads\package\setup.exe" ELEVATED sid=S-1-5-21-1693682860-607145093-2874071422-1001 /configure configuration.xml
Path: C:\Users\admin\Downloads\package\setup.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft 365 and Office
Exit code:
4294967295
Version:
16.0.17531.20046
Modules
Images
c:\users\admin\downloads\package\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 3140
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3172
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 3220
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 32 598
Read events: 32 180
Write events: 182
Delete events: 236

Modification events

(PID) Process: (6260) Office_2024_ES_64Bits.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6260) Office_2024_ES_64Bits.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6260) Office_2024_ES_64Bits.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6716) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: en-US
Value: 2

(PID) Process: (6716) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: de-de
Value: 2

(PID) Process: (6716) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: fr-fr
Value: 2

(PID) Process: (6716) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: es-es
Value: 2

(PID) Process: (6716) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: it-it
Value: 2

(PID) Process: (6716) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ja-jp
Value: 2

(PID) Process: (6716) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ko-kr
Value: 2

Executable files: 33
Suspicious files: 31
Text files: 11
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7088
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\DESKTOP-JGLLJLD-20241219-0250.log
Type: text
MD5:2E1A93AE337A36CCB457217CEAEC162C
SHA256:023A83A5398ED52DFCA108A2E4164671E157EBCB99D2F7AE9CC483F3896191DD
PID: 7088
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\setup.exe.db-wal
Type: binary
MD5:2915F849E0A67039174ADF9761A8D508
SHA256:7570BD23F0BBBA2451750991CC5758053485AA7677258EB46B43B7D7FFA6AB85
PID: 7088
Process: setup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Type: der
MD5:089F9B740A87CB698A0B054FF91777BB
SHA256:1B4FC368D6C852C07FF5DCDE258BFCBB00F9438135807346CC0412549A8BED66
PID: 6716
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\setup.exe.db-shm
Type: binary
MD5:5B7A642CA2CD4E7E318BD1D322F7D81F
SHA256:A03715ADAB7C30D4AC8B385C98AC41F7D9045E1734818CA1C1010E8CEDE689B6
PID: 6260
Process: Office_2024_ES_64Bits.exe
Filename: C:\Users\admin\Downloads\package\Click To Run.bat
Type: text
MD5:AD3ED1D41F9B51F7F203D56597C05958
SHA256:413B8E555D8F42C56D22D6843708F7BFCB0BBEDB4F833BF3C89880665925BD14
PID: 6716
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\setup.exe.db-wal
Type: binary
MD5:65C50A2DEA80DC978D412D78D6CEA99A
SHA256:97E873F2D05609FBC4437D36CD81D661B7C61627DB86F04EE40EB94AE8F72550
PID: 6260
Process: Office_2024_ES_64Bits.exe
Filename: C:\Users\admin\Downloads\package\setup.exe
Type: executable
MD5:7488D696F9A3D74E093B4C31EF7282C6
SHA256:B03C4CC3C1377EE81B1F94DA126E58A30F484D4D935889538FAE1C650DD6828B
PID: 2572
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\setup.exe.db-wal
Type: binary
MD5:D0F565CCBCC2CDE458070E0B82344D4B
SHA256:A06B27A54B3CEE486947567C15C2A598931373C0CB91D6780C41AF395C3BCE19
PID: 7088
Process: setup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Type: binary
MD5:0B64529FAFB4F276CAE29A8E6BD95F6E
SHA256:EAD6904C387C5527D17E88505751A64E93EDE9C5E8591E90F88A12CFEB7778F8
PID: 7088
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\setup.exe.db
Type: binary
MD5:34ED672C6E690044FCC370709EE1E0AB
SHA256:10A17C4E5B5AFCCE8AE5A13F879E270AE8DB598BDE3C483A2B3BE867F4FA5418
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
35
TCP/UDP connections
78
DNS requests
51
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.164.106:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
1.01 Kb
whitelisted
7088
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
US
binary
471 b
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
US
binary
314 b
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
NL
binary
973 b
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
US
binary
471 b
whitelisted
6100
SystemSettings.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
US
binary
314 b
whitelisted
6100
SystemSettings.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
US
binary
471 b
whitelisted
6404
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
US
binary
471 b
whitelisted
6932
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
DE
binary
418 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3416
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4712
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.209.182:443
www.bing.com
Akamai International B.V.
GB
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2.16.164.106:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
  • 51.104.136.2
  • 51.124.78.146
whitelisted
google.com
  • 172.217.18.14
whitelisted
www.bing.com
  • 2.23.209.182
  • 2.23.209.130
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.149
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 2.16.164.106
  • 2.16.164.49
unknown
www.microsoft.com
  • 95.101.149.131
  • 184.30.21.171
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.73
  • 20.190.159.23
  • 40.126.31.71
  • 40.126.31.73
  • 20.190.159.64
  • 20.190.159.4
  • 40.126.31.69
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
officeclient.microsoft.com
  • 52.109.76.240
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted

Threats

No threats detected
No debug info