File name:

Windows-ISO-Downloader.exe

Full analysis: https://app.any.run/tasks/6cfb246d-5c4d-4ae2-a29b-8643d3ce82cd
Verdict: Malicious activity
Analysis date: August 06, 2024, 10:08:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

42BE2387EA24923622219A33C504C091

SHA1:

1F4BA0EEFBF14AA351DEBE48FED9756C301FA866

SHA256:

D9E52B0DBB5D3540016497C913E4186433C2ECD14E359EB841D5D93C8B021AEF

SSDEEP:

98304:WI68IzIRIRIlgRnQmlGx0zcFLWoDy9G32dm/RUFVHB/mQJCyE:gXRnQm5yWoDy9GGOIlBew8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Scans artifacts that could help determine the target

      • Windows-ISO-Downloader.exe (PID: 6480)

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads security settings of Internet Explorer

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads Internet Explorer settings

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Checks Windows Trust Settings

      • Windows-ISO-Downloader.exe (PID: 6480)

  • INFO

    • Reads the computer name

      • Windows-ISO-Downloader.exe (PID: 6480)
      • identity_helper.exe (PID: 1644)

    • Checks supported languages

      • Windows-ISO-Downloader.exe (PID: 6480)
      • identity_helper.exe (PID: 1644)

    • Checks proxy server information

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads the machine GUID from the registry

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Process checks Internet Explorer phishing filters

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads Environment values

      • Windows-ISO-Downloader.exe (PID: 6480)
      • identity_helper.exe (PID: 1644)

    • Reads the software policy settings

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Create files in a temporary directory

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Disables trace logs

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Creates files or folders in the user directory

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads Microsoft Office registry keys

      • Windows-ISO-Downloader.exe (PID: 6480)
      • msedge.exe (PID: 6260)

    • Application launched itself

      • msedge.exe (PID: 6260)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:01:07 23:09:27+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 80
CodeSize: 6998016
InitializedDataSize: 308736
UninitializedDataSize: -
EntryPoint: 0x6ae7a2
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 8.46.0.154
ProductVersionNumber: 8.46.0.154
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: HeiDoc V.O.F.
FileDescription: Windows ISO Downloader
FileVersion: 8.46.0.0154
InternalName: Windows-ISO-Downloader.exe
LegalCopyright: Copyright © 2016-2020
LegalTrademarks: -
OriginalFileName: Windows-ISO-Downloader.exe
ProductName: Windows ISO Downloader
ProductVersion: 8.46.0.0154
AssemblyVersion: 8.46.0.154
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
171
Monitored processes
51
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start windows-iso-downloader.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1060"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5568 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3560 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1644"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1548 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1644"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8020 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcp_win.dll
1784"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1584 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2636"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5832 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3164"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=6552 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
3324"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1304 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
3800"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4492 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4280"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=7424 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
15 612
Read events
15 433
Write events
176
Delete events
3

Modification events

(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
Executable files
2
Suspicious files
270
Text files
105
Unknown types
14

Dropped files

PID
Process
Filename
Type
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\font[1].eoteot
MD5:13B34B863EE2DFBD2D403E61A6FFF33A
SHA256:E9CD2DA0F17E5215003BDE4A71D2F65EDB5BBCC2105391C575D36D2B0AEE5BE6
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Temp\4640244a-2fd3-4a08-bce0-95bd154c4dd4.csstext
MD5:C7E730F5C5B1884ABFDFBDCC69C1B4BA
SHA256:65A2D5BD6ADCFA48BE0D3C1DE2780421CBA0E394EB1B8F564880715512B6E707
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Temp\3228007d-34bf-4796-90da-ee9c339435b8.csstext
MD5:3CD25829FBA084F9F6B743E8E07DF5CB
SHA256:1FD0CA240E45867CB52ED50910B92A6A3273E70B723F47F5F4BE9F0FDFB08756
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Temp\d38f5593-4b11-47f1-bc1e-f3cb78aa0810.jstext
MD5:52B0A6C2004D753820BBC3E8469EC3B0
SHA256:804CFE5038FB95F4AF2A648E436D33BFA1410B7D2F0B979335BD69B41198CB03
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\BehV6u5rNyBZyWQKwsDTJska5xVQKX3f8XGSrEx1ecU[1].jss
MD5:ACB14A4CD0DADC676A85509BBE3068CE
SHA256:05E855EAEE6B372059C9640AC2C0D326C91AE71550297DDFF17192AC4C7579C5
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KN3Q2RZN\www.youtube[1].xmltext
MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\www-player[1].csstext
MD5:4147601D8F448BC7E1354052379D5206
SHA256:47F5B679692A651198268A8EBC5EEBD5D556E046D79F98B5B76F855382C323E7
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\KFOlCnqEu92Fr1MmEU9fBBc8[1].eotbinary
MD5:03BB29D6722BF52F7FE88A6ED47D9E6E
SHA256:DAA5D6292A35A6DC7E075436D0567DBE02515D5E886731FA5CA230E3D8FE26DD
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\css2[1].csstext
MD5:5EE65DDEE091B400D382600719887DCC
SHA256:5F5A241E8E850C7167E0FBD8F85F43ABFE7D88E6306BE54517A939C4923A823E
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\6jzQ9QVqexw[1].htmhtml
MD5:2CDF66DB944DF282D1FFF7A3A1048E79
SHA256:3B44C4D998CB24A6528F712FCA982F63686BB1E127EDBCF462E4B4C5B9169E96
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
368
TCP/UDP connections
253
DNS requests
221
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
OPTIONS
200
142.250.186.106:443
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
unknown
GET
302
142.250.184.238:443
https://googleads.g.doubleclick.net/pagead/id
unknown
GET
204
172.217.16.206:443
https://www.youtube.com/generate_204?oKyrDQ
unknown
GET
200
172.217.18.14:443
https://www.youtube.com/s/player/b12cc44b/www-player.css
unknown
text
373 Kb
GET
200
142.250.184.227:443
https://fonts.gstatic.com/l/font?kit=memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4m&skey=62c1cbfccc78b4b2&v=v40
unknown
binary
62.2 Kb
GET
200
104.168.147.90:443
https://www.heidoc.net/php/whatsnew.html
unknown
html
1.94 Kb
GET
200
142.250.186.142:443
https://www.youtube.com/s/player/b12cc44b/www-embed-player.vflset/www-embed-player.js
unknown
binary
324 Kb
GET
200
104.168.147.90:443
https://www.heidoc.net/php/isocachev8.php
unknown
xml
54 b
GET
200
172.217.18.10:443
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap
unknown
text
266 b
GET
200
142.250.186.118:443
https://i.ytimg.com/vi/6jzQ9QVqexw/sddefault.jpg
unknown
image
58.2 Kb
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4100
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6012
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
4324
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6480
Windows-ISO-Downloader.exe
104.168.147.90:443
www.heidoc.net
HOSTWINDS
US
unknown
6480
Windows-ISO-Downloader.exe
172.217.18.10:443
fonts.googleapis.com
GOOGLE
US
whitelisted
6480
Windows-ISO-Downloader.exe
142.250.184.227:443
fonts.gstatic.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.heidoc.net
  • 104.168.147.90
whitelisted
aa.online-metrix.net
  • 91.235.132.129
whitelisted
c.bing.com
  • 204.79.197.237
  • 13.107.21.237
whitelisted
fonts.googleapis.com
  • 172.217.18.10
whitelisted
fonts.gstatic.com
  • 142.250.184.227
  • 142.250.185.67
whitelisted
www.youtube.com
  • 142.250.186.142
  • 172.217.18.14
  • 216.58.212.142
  • 172.217.23.110
  • 216.58.206.46
  • 172.217.16.206
  • 142.250.185.110
  • 142.250.185.206
  • 142.250.185.142
  • 142.250.186.110
  • 142.250.185.174
  • 142.250.185.78
  • 142.250.184.206
  • 142.250.186.174
  • 216.58.206.78
  • 142.250.74.206
whitelisted
googleads.g.doubleclick.net
  • 142.250.184.226
whitelisted
static.doubleclick.net
  • 216.58.206.38
whitelisted

Threats

PID
Process
Class
Message
5300
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
5300
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Windows-ISO-Downloader.exe