File name: stopupdates10setup.exe

Full analysis: https://app.any.run/tasks/84ec8837-bfe0-44b9-946c-03d054a29ea9
Verdict: Malicious activity
Analysis date: October 19, 2024, 08:15:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: A20870A17F343C2CFECC36383E0DA90B
SHA1: 38A4419F08B0BFA1FC4AF7849DB835090E1731E0
SHA256: DCC55874047DAEC9F1C6341BF04BDF70B29CA2036A2D7DE0D6D96C56098B46BC
SSDEEP: 98304:Q8ncC2FAD9ySVqPENSEouZRXZ+lkLcFcs+W4EJbSmh3XU2dwqORjqJvsfNn3IheX:q7vPI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • stopupdates10setup.exe (PID: 1160)
      • stopupdates10setup.exe (PID: 5832)
      • stopupdates10setup.tmp (PID: 3128)
    • Reads security settings of Internet Explorer

      • stopupdates10setup.tmp (PID: 5400)
      • StopUpdates10.exe (PID: 7164)
    • Process drops legitimate windows executable

      • stopupdates10setup.tmp (PID: 3128)
    • Reads the Windows owner or organization settings

      • stopupdates10setup.tmp (PID: 3128)
    • Uses TASKKILL.EXE to kill process

      • stopupdates10setup.tmp (PID: 3128)
    • Creates or modifies Windows services

      • stopupdates10setup.tmp (PID: 3128)
    • Executes as Windows Service

      • SU10Guard.exe (PID: 6392)
    • Checks Windows Trust Settings

      • StopUpdates10.exe (PID: 7164)
  • INFO

    • Create files in a temporary directory

      • stopupdates10setup.exe (PID: 1160)
      • stopupdates10setup.exe (PID: 5832)
      • stopupdates10setup.tmp (PID: 3128)
    • Reads the computer name

      • stopupdates10setup.tmp (PID: 5400)
      • stopupdates10setup.tmp (PID: 3128)
      • SU10Guard.exe (PID: 6192)
      • StopUpdates10.exe (PID: 7164)
      • SU10Guard.exe (PID: 6392)
      • StopUpdates10.exe (PID: 2808)
      • identity_helper.exe (PID: 7244)
    • Checks supported languages

      • stopupdates10setup.tmp (PID: 5400)
      • stopupdates10setup.exe (PID: 1160)
      • stopupdates10setup.exe (PID: 5832)
      • stopupdates10setup.tmp (PID: 3128)
      • StopUpdates10.exe (PID: 7164)
      • SU10Guard.exe (PID: 6192)
      • StopUpdates10.exe (PID: 2808)
      • SU10Guard.exe (PID: 6392)
      • identity_helper.exe (PID: 7244)
    • Process checks computer location settings

      • stopupdates10setup.tmp (PID: 5400)
    • Creates files in the program directory

      • stopupdates10setup.tmp (PID: 3128)
      • SU10Guard.exe (PID: 6192)
      • SU10Guard.exe (PID: 6392)
      • StopUpdates10.exe (PID: 2808)
    • Creates a software uninstall entry

      • stopupdates10setup.tmp (PID: 3128)
    • Checks proxy server information

      • StopUpdates10.exe (PID: 7164)
    • Reads the machine GUID from the registry

      • StopUpdates10.exe (PID: 7164)
    • Reads the software policy settings

      • StopUpdates10.exe (PID: 7164)
    • Application launched itself

      • msedge.exe (PID: 3844)
    • Reads Environment values

      • identity_helper.exe (PID: 7244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (74.3)
.exe | Win32 Executable Delphi generic (9.6)
.scr | Windows screen saver (8.8)
.exe | Win32 Executable (generic) (3)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 40448
InitializedDataSize: 296448
UninitializedDataSize: -
EntryPoint: 0xa5f8
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.6.2024.403
ProductVersionNumber: 4.6.2024.403
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Greatis Software
FileDescription: StopUpdates10 Setup
FileVersion: 4.6.2024.0403
LegalCopyright:
ProductName: StopUpdates10
ProductVersion: 4.6.2024.0403
No data.
All screenshots are available in the full report
Total processes: 185
Monitored processes: 59
Malicious processes: 1
Suspicious processes: 2

Behavior graph

start stopupdates10setup.exe stopupdates10setup.tmp no specs stopupdates10setup.exe stopupdates10setup.tmp taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs stopupdates10.exe su10guard.exe no specs conhost.exe no specs su10guard.exe no specs stopupdates10.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1160
CMD: "C:\Users\admin\Desktop\stopupdates10setup.exe"
Path: C:\Users\admin\Desktop\stopupdates10setup.exe
Parent process: explorer.exe
User:
admin
Company:
Greatis Software
Integrity Level:
MEDIUM
Description:
StopUpdates10 Setup
Exit code:
0
Version:
4.6.2024.0403
Modules
Images
c:\users\admin\desktop\stopupdates10setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 1576
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5132 --field-trial-handle=2392,i,13283733113687844163,9051216232275588451,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1576
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5476 --field-trial-handle=2392,i,13283733113687844163,9051216232275588451,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3884 --field-trial-handle=2392,i,13283733113687844163,9051216232275588451,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2420
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3952 --field-trial-handle=2392,i,13283733113687844163,9051216232275588451,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2796
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5596 --field-trial-handle=2392,i,13283733113687844163,9051216232275588451,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2796
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5256 --field-trial-handle=2392,i,13283733113687844163,9051216232275588451,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2808
CMD: "C:\Program Files (x86)\StopUpdates10\StopUpdates10.exe"
Path: C:\Program Files (x86)\StopUpdates10\StopUpdates10.exe
Parent process: stopupdates10setup.tmp
User:
admin
Company:
Greatis Software
Integrity Level:
HIGH
Description:
StopUpdates10
Version:
4.6.2024.403
Modules
Images
c:\program files (x86)\stopupdates10\stopupdates10.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3128
CMD: "C:\Users\admin\AppData\Local\Temp\is-NBKB5.tmp\stopupdates10setup.tmp" /SL5="$60270,2415831,337920,C:\Users\admin\Desktop\stopupdates10setup.exe" /SPAWNWND=$40272 /NOTIFYWND=$8020C
Path: C:\Users\admin\AppData\Local\Temp\is-NBKB5.tmp\stopupdates10setup.tmp
Parent process: stopupdates10setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-nbkb5.tmp\stopupdates10setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 3128
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4192 --field-trial-handle=2392,i,13283733113687844163,9051216232275588451,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 8 672
Read events: 8 623
Write events: 49
Delete events: 0

Modification events

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SU10Guard
Operation: write
Name: DelayedAutoStart
Value: 1

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.4 (a)

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\StopUpdates10

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\StopUpdates10\

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: StopUpdates10

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: Inno Setup: Language
Value: english

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: DisplayName
Value: StopUpdates10 version 4.6.2024.0403

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\StopUpdates10\StopUpdates10.exe

(PID) Process: (3128) stopupdates10setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\StopUpdates10\unins000.exe"
Executable files: 21
Suspicious files: 276
Text files: 217
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3128 | stopupdates10setup.tmp | C:\Users\admin\AppData\Local\Temp\is-K0CIB.tmp\_isetup\_shfoldr.dll | executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

3128 | stopupdates10setup.tmp | C:\Program Files (x86)\StopUpdates10\SU10Guard.exe | executable
MD5: FAF7252A5ABEB870522805C73243B405
SHA256: 9C3AFA3640A64DC1D41F99926FC918C215ED53E629BE35C385BDDD20928ABC2C

5832 | stopupdates10setup.exe | C:\Users\admin\AppData\Local\Temp\is-NBKB5.tmp\stopupdates10setup.tmp | executable
MD5: 1D62E36CD681602342F7AD08BF2151A7
SHA256: A9A7056EFAE938DB8CC12B95259191D7EF47B30E8640AE299D8238B454890F21

3128 | stopupdates10setup.tmp | C:\Program Files (x86)\StopUpdates10\is-UC6DH.tmp | executable
MD5: FAF7252A5ABEB870522805C73243B405
SHA256: 9C3AFA3640A64DC1D41F99926FC918C215ED53E629BE35C385BDDD20928ABC2C

3128 | stopupdates10setup.tmp | C:\Users\admin\AppData\Local\Temp\is-K0CIB.tmp\_isetup\_setup64.tmp | executable
MD5: 526426126AE5D326D0A24706C77D8C5C
SHA256: B20A8D88C550981137ED831F2015F5F11517AEB649C29642D9D61DEA5EBC37D1

3128 | stopupdates10setup.tmp | C:\Program Files (x86)\StopUpdates10\StopUpdates10.exe | executable
MD5: 61FFF4EF04FCACCE92BBB75AFD567FA4
SHA256: 037C263C3F3A1A8BAFAD15EDB5C6A082206EBE3027B856B0488F3428E0E8B525

1160 | stopupdates10setup.exe | C:\Users\admin\AppData\Local\Temp\is-OPARB.tmp\stopupdates10setup.tmp | executable
MD5: 1D62E36CD681602342F7AD08BF2151A7
SHA256: A9A7056EFAE938DB8CC12B95259191D7EF47B30E8640AE299D8238B454890F21

3128 | stopupdates10setup.tmp | C:\Program Files (x86)\StopUpdates10\is-KCP7L.tmp | executable
MD5: 61FFF4EF04FCACCE92BBB75AFD567FA4
SHA256: 037C263C3F3A1A8BAFAD15EDB5C6A082206EBE3027B856B0488F3428E0E8B525

3128 | stopupdates10setup.tmp | C:\Program Files (x86)\StopUpdates10\unins000.exe | executable
MD5: 1D62E36CD681602342F7AD08BF2151A7
SHA256: A9A7056EFAE938DB8CC12B95259191D7EF47B30E8640AE299D8238B454890F21

3128 | stopupdates10setup.tmp | C:\Program Files (x86)\StopUpdates10\license.txt | text
MD5: 882DABB2C999EDFC1E00002FBCAB4E33
SHA256: CD384D249F16576D2563A1967FB479BEA960093D41D0C5153A8BA8A4CB4ADEE6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 148
TCP/UDP connections: 113
DNS requests: 92
Threats: 10

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6944 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1752 | RUXIMICS.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1752 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6944 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | - | - | -
- | - | OPTIONS | 504 | 23.48.23.26:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | unknown | - | - | -
- | - | POST | 204 | 104.126.37.144:443 | https://www.bing.com/threshold/xls.aspx | unknown | - | - | whitelisted
- | - | POST | 400 | 54.85.188.1:443 | https://api.gameanalytics.com/v2/13bf0c34c5ac4e1ecea01e0cb82867ae/events | unknown | text | 57 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6944 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1752 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6944 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1752 | RUXIMICS.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6944 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1752 | RUXIMICS.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
api.gameanalytics.com
  • 54.145.31.106
  • 54.84.110.43
  • 54.235.155.250
  • 3.224.172.35
  • 18.207.10.213
  • 52.207.153.210
  • 54.85.188.1
  • 54.82.145.4
whitelisted
www.bing.com
  • 2.23.209.142
  • 2.23.209.135
  • 2.23.209.187
  • 2.23.209.183
  • 2.23.209.186
  • 2.23.209.141
  • 2.23.209.133
  • 2.23.209.140
  • 2.23.209.130
  • 2.23.209.160
  • 2.23.209.148
  • 2.23.209.158
  • 2.23.209.149
  • 2.23.209.150
  • 2.23.209.154
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
greatis.com
  • 144.217.89.149
whitelisted

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
- | - | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install
1 ETPRO signatures available at the full report
No debug info