File name: NetMod_x86Latest.exe

Full analysis: https://app.any.run/tasks/ae5e5c76-0509-45b4-8e9e-d3c59a071fcd
Verdict: Malicious activity
Analysis date: November 23, 2024, 10:32:07
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 88A66FAFD730625FFE48117E3D7C3784
SHA1: 05EAEF97993B7CA9265F106398A54967F0F3FF65
SHA256: DC2A558D13DEC94E232CCFCD5542EF4F07CD537BA07D9D773774A2F7F5B035BB
SSDEEP: 393216:DRv2HMsmNZQJSV0QAQO9SC6eiRQmRpZV2g:lvi+HQ5UOuzRRpv2g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • NetMod_x86Latest.exe (PID: 5728)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • NetMod_x86Latest.tmp (PID: 6004)
      • tapinstall.exe (PID: 4052)
    • Executable content was dropped or overwritten

      • NetMod_x86Latest.tmp (PID: 1488)
      • NetMod_x86Latest.exe (PID: 5728)
      • NetMod_x86Latest.exe (PID: 5432)
      • drvinst.exe (PID: 4144)
      • drvinst.exe (PID: 3736)
      • tapinstall.exe (PID: 4052)
    • Reads the Windows owner or organization settings

      • NetMod_x86Latest.tmp (PID: 1488)
    • Drops a system driver (possible attempt to evade defenses)

      • NetMod_x86Latest.tmp (PID: 1488)
      • drvinst.exe (PID: 4144)
      • tapinstall.exe (PID: 4052)
      • drvinst.exe (PID: 3736)
    • The process drops C-runtime libraries

      • NetMod_x86Latest.tmp (PID: 1488)
    • Process drops legitimate windows executable

      • NetMod_x86Latest.tmp (PID: 1488)
    • Starts CMD.EXE for commands execution

      • NetMod_x86Latest.tmp (PID: 1488)
      • cmd.exe (PID: 5968)
    • Executing commands from a ".bat" file

      • NetMod_x86Latest.tmp (PID: 1488)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 5968)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 4144)
      • tapinstall.exe (PID: 4052)
    • Application launched itself

      • cmd.exe (PID: 5968)
    • Creates files in the driver directory

      • drvinst.exe (PID: 4144)
  • INFO

    • Checks supported languages

      • NetMod_x86Latest.exe (PID: 5728)
      • NetMod_x86Latest.tmp (PID: 6004)
      • NetMod_x86Latest.exe (PID: 5432)
      • NetMod_x86Latest.tmp (PID: 1488)
      • tapinstall.exe (PID: 3736)
      • drvinst.exe (PID: 4144)
      • tapinstall.exe (PID: 4052)
    • Reads the computer name

      • NetMod_x86Latest.tmp (PID: 1488)
      • NetMod_x86Latest.tmp (PID: 6004)
      • tapinstall.exe (PID: 4052)
    • Create files in a temporary directory

      • NetMod_x86Latest.tmp (PID: 1488)
      • NetMod_x86Latest.exe (PID: 5432)
      • NetMod_x86Latest.exe (PID: 5728)
      • tapinstall.exe (PID: 4052)
    • Creates files in the program directory

      • NetMod_x86Latest.tmp (PID: 1488)
    • Reads the software policy settings

      • pnputil.exe (PID: 3680)
      • drvinst.exe (PID: 4144)
      • tapinstall.exe (PID: 4052)
    • Process checks computer location settings

      • NetMod_x86Latest.tmp (PID: 6004)
    • Creates a software uninstall entry

      • NetMod_x86Latest.tmp (PID: 1488)
    • Reads security settings of Internet Explorer

      • pnputil.exe (PID: 3680)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 4144)
      • tapinstall.exe (PID: 4052)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:11:15 09:48:30+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741376
InitializedDataSize: 38400
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Henry G.
FileDescription: NetMod Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: NetMod
ProductVersion: 5.3.1
No data.
Total processes: 254
Monitored processes: 138
Malicious processes: 6
Suspicious processes: 1

Behavior graph

Processes shown in the interactive graph, in graph order: netmod_x86latest.exe, netmod_x86latest.tmp, netmod_x86latest.exe, netmod_x86latest.tmp, cmd.exe, conhost.exe, tapinstall.exe, cmd.exe, pnputil.exe, a long series of repeated cmd.exe / findstr.exe pairs, then tapinstall.exe, conhost.exe, drvinst.exe, rundll32.exe and drvinst.exe.

Process information

Each entry lists the PID, command line (CMD), image path, indicators and parent process, followed by process details and the loaded modules.
PID: 396
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo "Signer name : Unknown" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 396
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo "Signer name : Microsoft Windows Hardware Compatibility Publisher" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 448
CMD: findstr /R "Driver package provider"
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Find String (QGREP) Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 536
CMD: findstr /r /c:"TAP-Windows Provider V9"
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Find String (QGREP) Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 624
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo "Signer name : Microsoft Windows" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 768
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo "Driver date and version : 11/29/2016 16.0.7629.4000" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 836
CMD: findstr /R "Published name"
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Find String (QGREP) Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 836
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo "Signer name : Microsoft Windows" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 880
CMD: findstr /R "Published name"
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Find String (QGREP) Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 900
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo "Driver date and version : 06/19/2009 6.0.1.6305" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events: 15 526
Read events: 15 449
Write events: 69
Delete events: 8

Modification events

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Operation: write
Name: C:\Program Files (x86)\NetMod\NetMod.exe
Value: RUNASADMIN

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.1.2

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\NetMod

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\NetMod\

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: NetMod

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: Inno Setup: User
Value: admin

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: Inno Setup: Language
Value: english

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: DisplayName
Value: NetMod version 5.3.1

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\NetMod\NetMod.exe

PID: 1488 (NetMod_x86Latest.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45FDF669-5B62-42EE-8DFB-5726B20293AE}_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\NetMod\unins000.exe"
Executable files: 182
Suspicious files: 22
Text files: 7
Unknown types: 1

Dropped files

PID | Process | Filename | Type

5728 | NetMod_x86Latest.exe | C:\Users\admin\AppData\Local\Temp\is-0ST0Q.tmp\NetMod_x86Latest.tmp | executable
MD5: 9393C076B11820AD848E6ECCAFA0ADD7
SHA256: 119AE51BCD5431BED1BDF63573F9E5EC5DB6942AA8388DF0F5D4785F358F1B69

1488 | NetMod_x86Latest.tmp | C:\Users\admin\AppData\Local\Temp\is-9F32P.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

5432 | NetMod_x86Latest.exe | C:\Users\admin\AppData\Local\Temp\is-RBVJ8.tmp\NetMod_x86Latest.tmp | executable
MD5: 9393C076B11820AD848E6ECCAFA0ADD7
SHA256: 119AE51BCD5431BED1BDF63573F9E5EC5DB6942AA8388DF0F5D4785F358F1B69

1488 | NetMod_x86Latest.tmp | C:\Program Files (x86)\NetMod\NetMod.exe | executable
MD5: 4A2D8937CBBDA859CB2C14D9A270A98F
SHA256: D97B1384452165C67BD72B84217C3E93D3BD902E3B29AF32659332D0B7A1467A

1488 | NetMod_x86Latest.tmp | C:\Program Files (x86)\NetMod\unins000.exe | executable
MD5: 9393C076B11820AD848E6ECCAFA0ADD7
SHA256: 119AE51BCD5431BED1BDF63573F9E5EC5DB6942AA8388DF0F5D4785F358F1B69

1488 | NetMod_x86Latest.tmp | C:\Program Files (x86)\NetMod\ControlzEx.dll | executable
MD5: 597FEB155915568EF98DDBD4D4ED6FA9
SHA256: A93FDC30467A4847C21285B0B5386B8F90EA843D47F8B27542629E408448053E

1488 | NetMod_x86Latest.tmp | C:\Program Files (x86)\NetMod\redist\ndp472-kb4054531-web.exe | executable
MD5: B3844D880D71DE6D787190D2E378101B
SHA256: 151B1C11F625E7122D517B6A1778841DF8FF168D931C41730F59B9E4B8BCBE36

1488 | NetMod_x86Latest.tmp | C:\Program Files (x86)\NetMod\is-KTDTT.tmp | executable
MD5: 1AFB839CE73F4921445F14652A99010C
SHA256: 196381CDA5D5873CDD9DDB5CEE165A1CCD2C77AF492F88498326FA120380401F

1488 | NetMod_x86Latest.tmp | C:\Program Files (x86)\NetMod\is-A0IBB.tmp | executable
MD5: 597FEB155915568EF98DDBD4D4ED6FA9
SHA256: A93FDC30467A4847C21285B0B5386B8F90EA843D47F8B27542629E408448053E

1488 | NetMod_x86Latest.tmp | C:\Program Files (x86)\NetMod\is-VS31U.tmp | executable
MD5: 4A2D8937CBBDA859CB2C14D9A270A98F
SHA256: D97B1384452165C67BD72B84217C3E93D3BD902E3B29AF32659332D0B7A1467A
HTTP(S) requests: 7
TCP/UDP connections: 20
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5156 | RUXIMICS.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
1468 | svchost.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
1468 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
5156 | RUXIMICS.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
| | POST | 204 | 2.16.106.196:443 | https://www.bing.com/threshold/xls.aspx | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5156 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
5156 | RUXIMICS.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1468 | svchost.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5156 | RUXIMICS.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1468 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 51.104.136.2 | whitelisted
google.com | 142.250.186.110 | whitelisted
crl.microsoft.com | 2.16.164.9, 2.16.164.49 | whitelisted
www.microsoft.com | 88.221.169.152 | whitelisted
www.bing.com | 2.23.209.148, 2.23.209.130, 2.23.209.193, 2.23.209.133, 2.23.209.185, 2.23.209.189, 2.23.209.140, 2.23.209.187, 2.23.209.135 | whitelisted
self.events.data.microsoft.com | 20.189.173.27 | whitelisted

Threats

No threats detected
No debug info