File name:

Windows-ISO-Downloader.exe

Full analysis: https://app.any.run/tasks/6cfb246d-5c4d-4ae2-a29b-8643d3ce82cd
Verdict: Malicious activity
Analysis date: August 06, 2024, 10:08:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

42BE2387EA24923622219A33C504C091

SHA1:

1F4BA0EEFBF14AA351DEBE48FED9756C301FA866

SHA256:

D9E52B0DBB5D3540016497C913E4186433C2ECD14E359EB841D5D93C8B021AEF

SSDEEP:

98304:WI68IzIRIRIlgRnQmlGx0zcFLWoDy9G32dm/RUFVHB/mQJCyE:gXRnQm5yWoDy9GGOIlBew8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Scans artifacts that could help determine the target

      • Windows-ISO-Downloader.exe (PID: 6480)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads Microsoft Outlook installation path

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads Internet Explorer settings

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Checks Windows Trust Settings

      • Windows-ISO-Downloader.exe (PID: 6480)

  • INFO

    • Reads Environment values

      • Windows-ISO-Downloader.exe (PID: 6480)
      • identity_helper.exe (PID: 1644)

    • Process checks Internet Explorer phishing filters

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads the machine GUID from the registry

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Checks supported languages

      • Windows-ISO-Downloader.exe (PID: 6480)
      • identity_helper.exe (PID: 1644)

    • Reads the computer name

      • Windows-ISO-Downloader.exe (PID: 6480)
      • identity_helper.exe (PID: 1644)

    • Checks proxy server information

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Disables trace logs

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads the software policy settings

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Create files in a temporary directory

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Creates files or folders in the user directory

      • Windows-ISO-Downloader.exe (PID: 6480)

    • Reads Microsoft Office registry keys

      • Windows-ISO-Downloader.exe (PID: 6480)
      • msedge.exe (PID: 6260)

    • Application launched itself

      • msedge.exe (PID: 6260)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:01:07 23:09:27+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 80
CodeSize: 6998016
InitializedDataSize: 308736
UninitializedDataSize: -
EntryPoint: 0x6ae7a2
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 8.46.0.154
ProductVersionNumber: 8.46.0.154
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: HeiDoc V.O.F.
FileDescription: Windows ISO Downloader
FileVersion: 8.46.0.0154
InternalName: Windows-ISO-Downloader.exe
LegalCopyright: Copyright © 2016-2020
LegalTrademarks: -
OriginalFileName: Windows-ISO-Downloader.exe
ProductName: Windows ISO Downloader
ProductVersion: 8.46.0.0154
AssemblyVersion: 8.46.0.154
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
171
Monitored processes
51
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start windows-iso-downloader.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1060"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5568 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3560 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1644"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1548 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1644"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8020 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcp_win.dll
1784"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1584 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2636"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5832 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3164"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=6552 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
3324"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1304 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
3800"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4492 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4280"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=7424 --field-trial-handle=2452,i,7903118373376314412,10425669096712160307,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
15 612
Read events
15 433
Write events
176
Delete events
3

Modification events

(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(6480) Windows-ISO-Downloader.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows-ISO-Downloader_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
Executable files
2
Suspicious files
270
Text files
105
Unknown types
14

Dropped files

PID
Process
Filename
Type
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\css2[1].csstext
MD5:5EE65DDEE091B400D382600719887DCC
SHA256:5F5A241E8E850C7167E0FBD8F85F43ABFE7D88E6306BE54517A939C4923A823E
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\unnamed[1].jpgimage
MD5:54EB76903A4DF48A6CC002DC95563212
SHA256:C8535610F6F6DFFAF3D8448FA2F7286358D56799B3F8A019DB67688048BD816E
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\www-embed-player[1].jstext
MD5:A22D1D771E478DDC69498B02095CCC7D
SHA256:AA009888854C2B88E605C346B2A344AF9516AB704F1ED8692F4846E298098833
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KN3Q2RZN\www.youtube[1].xmltext
MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\base[1].jstext
MD5:97B9C07CCBDFB6F8D8AD9A1F6E8873B0
SHA256:C83B6280B855DFB4B40431FF0F7F39B2F1940C51D04AD56F76A85961E4FFAAD4
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\remote[1].jstext
MD5:38A71DA9001B23BF39430402D453005B
SHA256:D4F8502478ED4A860120962B16666A5196357E6E4E640C567F46BC855DEB9F78
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\KFOmCnqEu92Fr1Mu4mxO[1].eoteot
MD5:68889C246DA2739681C1065D15A1AB0B
SHA256:830D75BBF0E1F9289D787422F767B23F9D63FD79DBE75C091A119B6B7155D198
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\KFOlCnqEu92Fr1MmEU9fBBc8[1].eotbinary
MD5:03BB29D6722BF52F7FE88A6ED47D9E6E
SHA256:DAA5D6292A35A6DC7E075436D0567DBE02515D5E886731FA5CA230E3D8FE26DD
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\ad_status[1].jstext
MD5:1FA71744DB23D0F8DF9CCE6719DEFCB7
SHA256:EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9
6480Windows-ISO-Downloader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\sddefault[1].jpgimage
MD5:0CD0EDA8B148777B5EA7A5C576BC3697
SHA256:8BFD2E67CD295B693D33E8E74E6E853A2463AB20E93BCE4C96F4396F10C773D5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
368
TCP/UDP connections
253
DNS requests
221
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
302
142.250.184.238:443
https://googleads.g.doubleclick.net/pagead/id
unknown
unknown
OPTIONS
200
142.250.186.106:443
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
unknown
unknown
GET
200
142.250.184.227:443
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxO.eot
unknown
eot
17.0 Kb
unknown
GET
200
104.168.147.90:443
https://www.heidoc.net/php/whatsnew.html
unknown
html
1.94 Kb
unknown
GET
200
104.168.147.90:443
https://www.heidoc.net/php/newadditions.php
unknown
text
30.2 Kb
unknown
GET
200
104.168.147.90:443
https://www.heidoc.net/php/isocachev8.php
unknown
xml
54 b
unknown
GET
200
142.250.184.227:443
https://fonts.gstatic.com/l/font?kit=memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4m&skey=62c1cbfccc78b4b2&v=v40
unknown
binary
62.2 Kb
unknown
GET
200
142.250.184.238:443
https://static.doubleclick.net/instream/ad_status.js
unknown
text
29 b
unknown
GET
200
142.250.186.142:443
https://www.youtube.com/s/player/b12cc44b/www-embed-player.vflset/www-embed-player.js
unknown
binary
324 Kb
unknown
GET
200
172.217.18.14:443
https://www.youtube.com/s/player/b12cc44b/www-player.css
unknown
text
373 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4100
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6012
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
4324
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6480
Windows-ISO-Downloader.exe
104.168.147.90:443
www.heidoc.net
HOSTWINDS
US
unknown
6480
Windows-ISO-Downloader.exe
172.217.18.10:443
fonts.googleapis.com
GOOGLE
US
whitelisted
6480
Windows-ISO-Downloader.exe
142.250.184.227:443
fonts.gstatic.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.heidoc.net
  • 104.168.147.90
whitelisted
aa.online-metrix.net
  • 91.235.132.129
whitelisted
c.bing.com
  • 204.79.197.237
  • 13.107.21.237
whitelisted
fonts.googleapis.com
  • 172.217.18.10
whitelisted
fonts.gstatic.com
  • 142.250.184.227
  • 142.250.185.67
whitelisted
www.youtube.com
  • 142.250.186.142
  • 172.217.18.14
  • 216.58.212.142
  • 172.217.23.110
  • 216.58.206.46
  • 172.217.16.206
  • 142.250.185.110
  • 142.250.185.206
  • 142.250.185.142
  • 142.250.186.110
  • 142.250.185.174
  • 142.250.185.78
  • 142.250.184.206
  • 142.250.186.174
  • 216.58.206.78
  • 142.250.74.206
whitelisted
googleads.g.doubleclick.net
  • 142.250.184.226
whitelisted
static.doubleclick.net
  • 216.58.206.38
whitelisted

Threats

PID
Process
Class
Message
5300
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
5300
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Windows-ISO-Downloader.exe