File name: DoMicun V3 FОR CS2.rar

Full analysis: https://app.any.run/tasks/55708b78-23e6-49ab-b3e1-50e87301b913
Verdict: Malicious activity
Analysis date: December 21, 2025, 10:10:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: arch-exec
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: F519D5C48B69EE25C0BA6427DC21F055
SHA1: 09BF1CC50846EA16DE184F6AA3CC17DE150CF57D
SHA256: DD164BBA84B3C78D58F1AC4108281AB4180636FCBA992406B83B3BB1C4D22946
SSDEEP: 3072:v6+0Kr4UFz32zgf7QyR9MDV5cCccJbKvu33yMCIHGXlaDseZIEaft:S+0KrbFYgfmjc2KgHGXgD3ZIP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
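The archive name deserves a second look before anything inside it does: as it renders on this page, "FОR" in the outer archive name is spelled with what appears to be a Cyrillic О, while the inner folder in the archived file path spells "FOR" with a Latin O. The following is an added example, not ANY.RUN code, that flags file names mixing Latin and Cyrillic letters inside one word and normalizes the common look-alike letters so names can be compared. The exact code point (U+041E) used in the constructed sample name is an assumption based on how the name renders here, not something read from the archive.

```python
"""Flag file names that mix Latin and Cyrillic letters (homoglyph lures).

Added example for this report; not ANY.RUN code. The sample names below are
constructed from the names shown on this page. The Cyrillic code point in the
outer archive name is assumed from how the name renders, not read from the file.
"""
import unicodedata

# Cyrillic letters that render identically to a Latin letter. Constructed
# lookup for normalization; it is not exhaustive.
HOMOGLYPHS = {
    "\u0410": "A", "\u0412": "B", "\u0421": "C", "\u0415": "E", "\u041d": "H",
    "\u041a": "K", "\u041c": "M", "\u041e": "O", "\u0420": "P", "\u0422": "T",
    "\u0425": "X", "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y",
}

def scripts_in(word: str) -> set:
    """Return the set of Unicode scripts used by the letters in `word`."""
    found = set()
    for ch in word:
        if not ch.isalpha():
            continue
        uname = unicodedata.name(ch, "")
        if uname.startswith("CYRILLIC"):
            found.add("Cyrillic")
        elif uname.startswith("LATIN"):
            found.add("Latin")
        else:
            found.add("Other")
    return found

def mixed_script_words(name: str) -> list:
    """Whitespace-separated words that contain both Latin and Cyrillic letters.

    An all-Cyrillic word next to an all-Latin word is normal in a bilingual
    file name; both scripts inside one word is the homoglyph pattern.
    """
    return [w for w in name.split() if {"Latin", "Cyrillic"} <= scripts_in(w)]

def normalize_homoglyphs(name: str) -> str:
    """Map look-alike Cyrillic letters to Latin so two spellings compare equal."""
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in name)

def analyze(name: str) -> dict:
    words = mixed_script_words(name)
    return {
        "name": name,
        "mixed_script_words": words,
        "normalized": normalize_homoglyphs(name),
        "suspicious": bool(words),
    }

# Constructed inputs modelled on the names in this report.
OUTER_ARCHIVE = "DoMicun V3 F\u041eR CS2.rar"        # Cyrillic О (U+041E) assumed
INNER_FOLDER = "DoMicun V3 FOR CS2"                 # Latin O, as in the archived path
BILINGUAL_OK = "1 - Создание Точки Восстановления"  # all-Cyrillic words: not flagged

if __name__ == "__main__":
    for n in (OUTER_ARCHIVE, INNER_FOLDER, BILINGUAL_OK):
        print(analyze(n))
```

The per-word check matters: a Russian-language pack legitimately has Cyrillic folder names beside Latin tool names, so flagging any mixed-script file name would produce noise; flagging a single word that switches scripts mid-way does not.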
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 7524)
    • Starts NET.EXE for service management

      • net.exe (PID: 144)
      • cmd.exe (PID: 7200)
      • net.exe (PID: 1568)
    • Uses NET.EXE to stop Windows Update service

      • cmd.exe (PID: 7200)
      • net.exe (PID: 1568)
  • SUSPICIOUS

    • Creates or modifies Windows services

      • regedit.exe (PID: 7752)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 7524)
      • StartMenuExperienceHost.exe (PID: 7740)
      • 0 Удалить ненужные приложения.exe ("0 Remove unneeded applications.exe", PID: 4820)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 2140)
      • WinRAR.exe (PID: 7524)
      • cmd.exe (PID: 3436)
    • Application launched itself

      • cmd.exe (PID: 2140)
      • cmd.exe (PID: 3436)
    • Executing commands from a ".bat" file

      • WinRAR.exe (PID: 7524)
    • Uses WMIC.EXE

      • cmd.exe (PID: 8188)
      • cmd.exe (PID: 1568)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 8188)
      • cmd.exe (PID: 1568)
      • cmd.exe (PID: 3500)
    • Accesses computer name via WMI (SCRIPT)

      • WMIC.exe (PID: 3204)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 2140)
      • cmd.exe (PID: 7324)
      • cmd.exe (PID: 3568)
      • cmd.exe (PID: 3500)
      • cmd.exe (PID: 3436)
      • cmd.exe (PID: 7200)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 7764)
    • Reads the date of Windows installation

      • StartMenuExperienceHost.exe (PID: 7740)
      • SearchApp.exe (PID: 7056)
    • Read disk information to detect sandboxing environments

      • reg.exe (PID: 6424)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 7200)
      • cmd.exe (PID: 7324)
    • Modifies existing scheduled task

      • schtasks.exe (PID: 7352)
      • schtasks.exe (PID: 7344)
      • schtasks.exe (PID: 5788)
      • schtasks.exe (PID: 6820)
      • schtasks.exe (PID: 7764)
      • schtasks.exe (PID: 7708)
      • schtasks.exe (PID: 3568)
      • schtasks.exe (PID: 7184)
      • schtasks.exe (PID: 8092)
      • schtasks.exe (PID: 7292)
      • schtasks.exe (PID: 6404)
    • Executing commands from ".cmd" file

      • WinRAR.exe (PID: 7524)
  • INFO

    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 7524)
      • explorer.exe (PID: 5168)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 3204)
      • Taskmgr.exe (PID: 4396)
      • WMIC.exe (PID: 7472)
      • explorer.exe (PID: 5168)
    • Checks supported languages

      • StartMenuExperienceHost.exe (PID: 7740)
      • TextInputHost.exe (PID: 6296)
      • SearchApp.exe (PID: 7056)
      • 0 Удалить ненужные приложения.exe (PID: 4820)
    • Reads the computer name

      • StartMenuExperienceHost.exe (PID: 7740)
      • TextInputHost.exe (PID: 6296)
      • SearchApp.exe (PID: 7056)
      • 0 Удалить ненужные приложения.exe (PID: 4820)
    • Reads the machine GUID from the registry

      • SearchApp.exe (PID: 7056)
      • 0 Удалить ненужные приложения.exe (PID: 4820)
    • Process checks computer location settings

      • StartMenuExperienceHost.exe (PID: 7740)
      • SearchApp.exe (PID: 7056)
    • Checks proxy server information

      • SearchApp.exe (PID: 7056)
      • explorer.exe (PID: 5168)
      • slui.exe (PID: 8036)
    • Reads Environment values

      • SearchApp.exe (PID: 7056)
    • Creates files or folders in the user directory

      • explorer.exe (PID: 5168)
      • StartMenuExperienceHost.exe (PID: 7740)
    • Search a value from a registry key

      • cmd.exe (PID: 3500)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7524)
    • Disables trace logs

      • netsh.exe (PID: 7176)
    • Create files in a temporary directory

      • 0 Удалить ненужные приложения.exe (PID: 4820)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

ZIP

FileVersion: RAR v5
CompressedSize: 544
UncompressedSize: 892
OperatingSystem: Win32
ArchivedFileName: DoMicun V3 FОR CS2/DoMicun V3 FOR CS2/1 - Создание Точки Восстановления/Создать точку восстановления.ln (the Russian path components translate to "1 - Creating a Restore Point/Create restore point")
No data.
All screenshots are available in the full report
Total processes: 550
Monitored processes: 282
Malicious processes: 2
Suspicious processes: 2

Behavior graph

Process nodes in the graph, in order of first appearance (the rendered graph is only available in the full report; nodes marked "no specs" had no signature hits):
winrar.exe, regedit.exe (many instances), slui.exe, cmd.exe, conhost.exe, wmic.exe, findstr.exe, reg.exe, bcdedit.exe, taskkill.exe, explorer.exe, textinputhost.exe, startmenuexperiencehost.exe, tiworker.exe, searchapp.exe, mobsync.exe, netsh.exe, taskmgr.exe, fsutil.exe, 0 удалить ненужные приложения.exe ("0 Remove unneeded applications.exe"), rundll32.exe, net.exe, net1.exe, schtasks.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 32
CMD: "regedit.exe" "C:\Users\admin\Desktop\РЕГИ\2 Открывать pow файлы.reg"
Path: C:\Windows\regedit.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
PID: 144
CMD: net stop UsoSvc
Path: C:\Windows\System32\net.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Net Command
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wkscli.dll
PID: 148
CMD: "regedit.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa7524.8741\Режим сна Диска.reg"
Path: C:\Windows\regedit.exe
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Editor
Exit code:
3221226540
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
PID: 148
CMD: "regedit.exe" "C:\Users\admin\Desktop\РЕГИ\ToggleKeys.reg"
Path: C:\Windows\regedit.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
PID: 408
CMD: reg.exe add "HKLM\SYSTEM\ControlSet001\Enum\USB\ROOT_HUB\4&2EA6C1F6&0\Device Parameters\WDF" /v IdleInWorkingState /t REG_DWORD /d 00000000 /f
Path: C:\Windows\System32\reg.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
PID: 508
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 656
CMD: "regedit.exe" "C:\Users\admin\Desktop\РЕГИ\SystemProfile Timer.reg"
Path: C:\Windows\regedit.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
PID: 748
CMD: "regedit.exe" "C:\Users\admin\Desktop\РЕГИ\Distribute Timers.reg"
Path: C:\Windows\regedit.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Editor
Exit code:
3221226540
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
PID: 816
CMD: bcdedit -set useplatformtick yes
Path: C:\Windows\System32\bcdedit.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Boot Configuration Data Editor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\bcdedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptsp.dll
PID: 936
CMD: "regedit.exe" "C:\Users\admin\Desktop\РЕГИ\BoostPriority.reg"
Path: C:\Windows\regedit.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Editor
Exit code:
3221226540
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
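The process records above carry two fields that the signature list does not: the integrity level and the exit code, and together they tell you which of the flagged actions actually took effect. Exit code 3221226540 is 0xC000042C, STATUS_ELEVATION_REQUIRED: the regedit.exe instances spawned directly by WinRAR.exe at MEDIUM integrity never initialized (their module list stops at ntdll.dll), while the instances launched from explorer.exe at HIGH integrity exited 0. Likewise net stop UsoSvc, the HKLM reg.exe add and bcdedit all ran at MEDIUM integrity and returned non-zero. The following is an added example, not ANY.RUN code, that joins those fields: it tags the command lines for the behaviours the signatures describe (service stop, boot configuration, HKLM writes, .reg imports, scheduled tasks, process kills), decodes the exit code, and notes when a privileged change was attempted without rights. The records are constructed from the rows on this page; the tag names and regexes are this example's own.

```python
"""Triage of the process records in this report: decode exit codes and tag
tampering command lines.

Added example, not ANY.RUN code. RECORDS is constructed from the PID, command
line, integrity level, exit code and parent shown in the Process information
section of this page. The tag vocabulary and patterns are this example's own.
"""
import re

# NTSTATUS values that appear as process exit codes (the report prints them
# as unsigned decimals). 3221226540 == 0xC000042C == STATUS_ELEVATION_REQUIRED.
NTSTATUS = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}

def decode_exit(code: int) -> str:
    """Human-readable meaning of a raw exit code."""
    if code == 0:
        return "success"
    if code in NTSTATUS:
        return f"{NTSTATUS[code]} (0x{code:08X})"
    if code >= 0xC0000000:
        return f"NTSTATUS error 0x{code:08X}"
    return f"tool-specific failure ({code})"

# (tag, regex) pairs over the command line; group 1 is the target
# (service name, hive, .reg path, boot option, task or image name).
PATTERNS = [
    ("service-stop", re.compile(r"\bnet1?(?:\.exe)?\s+stop\s+(\S+)", re.I)),
    ("boot-config", re.compile(r"\bbcdedit(?:\.exe)?\b.*?[-/]set\s+(\S+)", re.I)),
    ("registry-write", re.compile(r"\breg(?:\.exe)?\s+(?:add|delete)\s+\"?(HK[A-Z_]+)", re.I)),
    ("registry-import", re.compile(r"\bregedit(?:\.exe)?\"?\s+\"?([^\"]+\.reg)", re.I)),
    ("scheduled-task", re.compile(r"\bschtasks(?:\.exe)?\b.*?/tn\s+\"?([^\"\s]+)", re.I)),
    ("process-kill", re.compile(r"\btaskkill(?:\.exe)?\b.*?/im\s+(\S+)", re.I)),
]
# Tags whose effect needs administrative rights on a default system.
PRIVILEGED = {"service-stop", "boot-config", "registry-write"}

def tag_command(cmd: str) -> list:
    """Return (tag, target) pairs for every pattern the command line matches."""
    hits = []
    for tag, rx in PATTERNS:
        m = rx.search(cmd)
        if m:
            hits.append((tag, m.group(1)))
    return hits

def triage(rec: dict) -> dict:
    """Combine command-line tags, exit status and integrity into one verdict."""
    tags = tag_command(rec["cmd"])
    notes = []
    if rec["exit_code"] == 0xC000042C:
        notes.append("launched without elevation; the import never ran")
    elif rec["exit_code"] != 0 and rec["integrity"] == "MEDIUM" and any(t in PRIVILEGED for t, _ in tags):
        notes.append("privileged change attempted at MEDIUM integrity and failed")
    elif rec["exit_code"] == 0 and rec["integrity"] == "HIGH" and tags:
        notes.append("change applied with administrative rights")
    return {"pid": rec["pid"], "tags": tags, "outcome": decode_exit(rec["exit_code"]), "notes": notes}

# Constructed from the Process information rows on this page.
RECORDS = [
    {"pid": 144, "cmd": "net stop UsoSvc", "integrity": "MEDIUM", "exit_code": 2, "parent": "cmd.exe"},
    {"pid": 148, "cmd": r'"regedit.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa7524.8741\Режим сна Диска.reg"',
     "integrity": "MEDIUM", "exit_code": 3221226540, "parent": "WinRAR.exe"},
    {"pid": 148, "cmd": r'"regedit.exe" "C:\Users\admin\Desktop\РЕГИ\ToggleKeys.reg"',
     "integrity": "HIGH", "exit_code": 0, "parent": "explorer.exe"},
    {"pid": 408, "cmd": r'reg.exe add "HKLM\SYSTEM\ControlSet001\Enum\USB\ROOT_HUB\4&2EA6C1F6&0\Device Parameters\WDF" /v IdleInWorkingState /t REG_DWORD /d 00000000 /f',
     "integrity": "MEDIUM", "exit_code": 1, "parent": "cmd.exe"},
    {"pid": 816, "cmd": "bcdedit -set useplatformtick yes", "integrity": "MEDIUM", "exit_code": 1, "parent": "cmd.exe"},
]

def triage_all(records=RECORDS) -> list:
    return [triage(r) for r in records]

if __name__ == "__main__":
    for row in triage_all():
        print(row)
```

Read the output against the signature list: "Uses NET.EXE to stop Windows Update service" is a true description of intent, but on this run the stop was attempted at MEDIUM integrity and failed; the HKLM changes that did land (for example PowerThrottlingOff in the modification events further down) came from the explorer.exe-launched regedit.exe instances running at HIGH integrity.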
Total events: 111 358
Read events: 110 258
Write events: 840
Delete events: 260

Modification events

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\DoMicun V3 FОR CS2.rar

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (7524) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\OpenWithProgids
Operation: write
Name: regfile
Value: (empty)

(PID) Process: (8032) regedit.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerThrottling
Operation: write
Name: PowerThrottlingOff
Value: 1
Executable files: 1
Suspicious files: 22
Text files: 262
Unknown types: 1

Dropped files

PID | Process | Filename | Type | MD5 | SHA256

PID: 7880 | Process: TiWorker.exe | Type: (not recorded)
Filename: C:\Windows\Logs\CBS\CBS.log
MD5:
SHA256:

PID: 7524 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa7524.48583\Game Optimizations.reg
MD5: D19BE10EABA99D1DFDF9021B16BBE31A
SHA256: F4C737D270514413F86B6E80E57260465A5B3A055E0840AF2412ACD2129BF595

PID: 7524 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa7524.48190\Disable Power Throttling.reg
MD5: 5679CE2B5D1518413F167B2AA93B55DB
SHA256: 0979D23DBE13DC434FBDBFA2E7AA1D56E6D50BB4515CE606213A4EDD03406FE1

PID: 7524 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa7524.396\Decrease Delay.reg
MD5: A33A770344437B9A6E7032734F0A2D9D
SHA256: 230888C9D1BDABBF898E44AEA761E5C747E472C12982B56D29EDF35FAB089A5E

PID: 7524 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa7524.49261\Power Optimization.reg
MD5: 7F8CE6275CEF2907E0D4B338A323C259
SHA256: D03F1E66A4A7B49807B34ACD17D8C68A1BF5E041FD752F70D332191583AEBF9B

PID: 7524 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa7524.47736\CPU Optimization.reg
MD5: 1168750AD66FEA060400F4707F881463
SHA256: 165F7A9885752C8DF4745EDFD24EE2681CEFF79F88935B213102DDC4BE6D65AC

PID: 7056 | Process: SearchApp.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
MD5: 90FB866AA4EE970FC367543A2BE69399
SHA256: E2FA33990D3520BDB68135DF3F4BEDE5612FEB16FC27B73116508D411C80958D

PID: 7056 | Process: SearchApp.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
MD5: 51079203213DFB758B2B545C96903CA9
SHA256: CDF67246D3933D308965B60D91E58F6711BB04B24FB1E952EF4C61600DE1413A

PID: 7056 | Process: SearchApp.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\Q84V0JUH\ANzUnPnVY0oL0XWxs0RLJxjJLUo.br[1].js
MD5: 9E527B91C2D8B31B0017B76049B5E4E3
SHA256: 38EDF0F961C1CCB287880B88F12F370775FC65B2E28227EEE215E849CDBE9BBC

PID: 7056 | Process: SearchApp.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ZWUI0EBX\www.bing[1].xml
MD5: FC5001B3EF2EA319D3790D522CB20360
SHA256: B4FD0BB4F24AE4850BE30C7D14F86362CADDE501A10517C96EE607BCE3C77025
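The payload of this archive is the set of .reg files WinRAR extracts to Rar$DIa7524.* and hands to regedit.exe; the report lists their names and hashes but not their contents, and records only one resulting write (PowerThrottlingOff = 1 under HKLM\SYSTEM\ControlSet001\Control\Power\PowerThrottling). Reading the files yourself is faster than replaying them, so the following is an added example, not ANY.RUN code, of a small .reg parser that turns a file into a list of registry operations and flags what each one touches (HKLM keys that need administrative rights, Services keys, Power settings, Run keys). The sample text is constructed: its first block reproduces the write this report recorded, and its Services block is hypothetical, included only to show how a service change is flagged.

```python
"""Parse Windows .reg files and flag what they change.

Added example for the dropped .reg files listed above; not ANY.RUN code.
SAMPLE_REG is constructed: the PowerThrottling block reproduces the one
registry write this report recorded, the Services block is hypothetical.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

@dataclass
class RegOp:
    key: str
    name: str | None          # None for a key-level operation
    kind: str                 # "set", "delete_value" or "delete_key"
    value: object = None
    flags: list[str] = field(default_factory=list)

def join_continuations(text: str) -> list[str]:
    """hex: values may span lines; each continued line ends with a backslash."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        out.append(buf + line)
        buf = ""
    if buf:
        out.append(buf)
    return out

def decode_value(rhs: str):
    """Decode the right-hand side of a "name"=value line into (kind, value)."""
    if rhs == "-":
        return "delete_value", None
    if rhs.startswith('"') and rhs.endswith('"'):
        return "set", rhs[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r"dword:([0-9a-fA-F]{1,8})$", rhs)
    if m:
        return "set", int(m.group(1), 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", rhs)
    if m:
        raw = m.group(2).replace(",", "").replace(" ", "")
        return "set", bytes.fromhex(raw) if raw else b""
    return "set", rhs      # unknown encoding: keep the raw text

def classify(key: str, kind: str) -> list[str]:
    """Flags describing why an operation on `key` matters."""
    k = key.upper()
    flags = []
    if k.startswith(("HKEY_LOCAL_MACHINE", "HKLM")):
        flags.append("needs-admin")
    if "\\SERVICES\\" in k + "\\":
        flags.append("service-config")
    if "\\CONTROL\\POWER" in k:
        flags.append("power-config")
    if k.endswith(("\\CURRENTVERSION\\RUN", "\\CURRENTVERSION\\RUNONCE")):
        flags.append("autorun-persistence")
    if kind == "delete_key":
        flags.append("deletes-key")
    return flags

def parse_reg(text: str) -> list[RegOp]:
    """Return the registry operations a .reg file performs when imported."""
    ops, key = [], None
    for line in join_continuations(text):
        if not line or line.startswith(";") or line.lower().startswith("windows registry editor") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):           # [-Key] deletes the whole key
                key = inner[1:]
                ops.append(RegOp(key, None, "delete_key", flags=classify(key, "delete_key")))
            else:
                key = inner
            continue
        if key is None or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        name = None if lhs.strip() == "@" else lhs.strip().strip('"')
        kind, value = decode_value(rhs.strip())
        ops.append(RegOp(key, name, kind, value, classify(key, kind)))
    return ops

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerThrottling]
"PowerThrottlingOff"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000004
"Description"=-
"""

def summarize(text: str) -> dict:
    ops = parse_reg(text)
    return {
        "operations": len(ops),
        "needs_admin": any("needs-admin" in o.flags for o in ops),
        "flags": sorted({f for o in ops for f in o.flags}),
    }

if __name__ == "__main__":
    for op in parse_reg(SAMPLE_REG):
        print(op)
    print(summarize(SAMPLE_REG))
```

Running the parser over every .reg in the archive gives the full set of intended changes regardless of which imports succeeded in the sandbox; any "needs-admin" operation is one that the MEDIUM-integrity regedit.exe instances in the process table could not have applied.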
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 63
TCP/UDP connections: 31
DNS requests: 21
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

PID: 6768 | Process: MoUsoCoreWorker.exe | Method: GET | HTTP code: 304 | IP: 4.231.128.59:443 | CN: unknown | Reputation: whitelisted
URL: https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop

PID: 6768 | Process: MoUsoCoreWorker.exe | Method: GET | HTTP code: 304 | IP: 4.231.128.59:443 | CN: unknown | Reputation: whitelisted
URL: https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30

PID: 2856 | Process: svchost.exe | Method: POST | HTTP code: 200 | IP: 40.126.32.134:443 | CN: unknown | Type: xml | Size: 11.1 Kb | Reputation: whitelisted
URL: https://login.live.com/RST2.srf

PID: 7268 | Process: SIHClient.exe | Method: GET | HTTP code: 200 | IP: 20.242.39.171:443 | CN: unknown | Reputation: whitelisted
URL: https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping

PID: 4680 | Process: svchost.exe | Method: GET | HTTP code: 200 | IP: 2.16.164.120:80 | CN: unknown | Reputation: whitelisted
URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

PID: 7268 | Process: SIHClient.exe | Method: GET | HTTP code: 200 | IP: 135.233.95.144:443 | CN: unknown | Reputation: whitelisted
URL: https://slscr.update.microsoft.com/sls/ping

PID: 7268 | Process: SIHClient.exe | Method: GET | HTTP code: 304 | IP: 135.233.95.144:443 | CN: unknown | Reputation: whitelisted
URL: https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL

PID: 2856 | Process: svchost.exe | Method: POST | HTTP code: 200 | IP: 40.126.32.134:443 | CN: unknown | Type: xml | Size: 10.3 Kb | Reputation: whitelisted
URL: https://login.live.com/RST2.srf

PID: 4680 | Process: svchost.exe | Method: GET | HTTP code: 200 | IP: 20.73.194.208:443 | CN: unknown | Size: 5.48 Kb | Reputation: whitelisted
URL: https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=562&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=1&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2

PID: 4680 | Process: svchost.exe | Method: GET | HTTP code: 200 | IP: 23.59.18.102:80 | CN: unknown | Reputation: whitelisted
URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

PID: 4 | Process: System | IP: 192.168.100.255:137 | Domain: - | ASN: Not routed | CN: - | Reputation: whitelisted
PID: 4680 | Process: svchost.exe | IP: 51.104.136.2:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 6768 | Process: MoUsoCoreWorker.exe | IP: 51.104.136.2:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 3060 | Process: RUXIMICS.exe | IP: 51.104.136.2:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Domain: - | ASN: Not routed | CN: - | Reputation: whitelisted
PID: 3412 | Process: svchost.exe | IP: 172.211.123.249:443 | Domain: client.wns.windows.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 2856 | Process: svchost.exe | IP: 40.126.32.134:443 | Domain: login.live.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 2856 | Process: svchost.exe | IP: 184.30.131.245:80 | Domain: ocsp.digicert.com | ASN: AKAMAI-AS | CN: US | Reputation: whitelisted
PID: 4680 | Process: svchost.exe | IP: 20.73.194.208:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 4680 | Process: svchost.exe | IP: 2.16.164.120:80 | Domain: crl.microsoft.com | ASN: AKAMAI-ASN1 | CN: NL | Reputation: whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 216.58.206.78
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.32.134
  • 20.190.160.2
  • 20.190.160.130
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.68
  • 20.190.160.20
  • 20.190.160.131
whitelisted
ocsp.digicert.com
  • 184.30.131.245
  • 2.17.190.73
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.81
  • 2.16.164.88
  • 23.216.77.19
  • 23.216.77.25
  • 23.216.77.22
whitelisted
www.microsoft.com
  • 23.59.18.102
  • 88.221.169.152
whitelisted
slscr.update.microsoft.com
  • 135.233.95.144
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
self.events.data.microsoft.com
  • 20.42.65.89
whitelisted
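None of the PIDs in the HTTP, Connections and DNS tables (6768 MoUsoCoreWorker.exe, 2856/3412/4680 svchost.exe, 7268 SIHClient.exe, 3060 RUXIMICS.exe, 4 System) belong to the WinRAR.exe 7524 process tree that the signatures describe; they are Windows Update, licensing and certificate-revocation traffic from the guest itself, and the report marks every destination whitelisted. Deciding that mechanically needs the process tree, not just a PID list, and the process table shows why PID alone is not enough: two different regedit.exe instances carry PID 148, one a child of WinRAR.exe and one of explorer.exe. The following is an added example, not ANY.RUN code, that resolves each network event to the process instance alive at that moment and walks its parent chain to decide whether the traffic is attributable to the sample. The parent/child relations are taken from this page; that WinRAR.exe was started by explorer.exe, all timestamps, and the three hypothetical events marked as such are assumptions for the demonstration.

```python
"""Attribute network events to the sample's process tree instead of to PIDs.

Added example for the network tables above; not ANY.RUN code. Parent/child
relations come from this report (WinRAR.exe 7524 -> cmd.exe 7200 -> net.exe
144 and 1568; WinRAR.exe 7524 -> regedit.exe 148; explorer.exe 5168 -> a
second regedit.exe 148). Timestamps, the explorer.exe -> WinRAR.exe edge and
the events marked hypothetical are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]     # None: parent not recorded (system process)
    image: str
    start: float            # seconds since analysis start (constructed)
    end: Optional[float]    # None: still running when the analysis ended

@dataclass(frozen=True)
class NetEvent:
    pid: int
    ts: float
    dst: str

def find_instance(procs: List[Proc], pid: int, ts: float) -> Optional[Proc]:
    """The process instance that owned `pid` at time `ts`.

    PIDs are recycled (this report shows two regedit.exe instances with PID
    148), so a lookup by PID alone can attribute traffic to the wrong tree.
    """
    for p in procs:
        if p.pid == pid and p.start <= ts and (p.end is None or ts <= p.end):
            return p
    return None

def is_descendant_of(procs: List[Proc], proc: Proc, root: Proc) -> bool:
    """Walk up the parent chain, resolving each parent by lifetime, until `root`."""
    cur: Optional[Proc] = proc
    hops = 0
    while cur is not None and hops < len(procs):     # hop cap guards against bad data
        if cur == root:
            return True
        cur = None if cur.ppid is None else find_instance(procs, cur.ppid, cur.start)
        hops += 1
    return False

def attribute(procs: List[Proc], events: List[NetEvent], root: Proc) -> Dict[str, List[NetEvent]]:
    """Split events into sample-attributable, background and unattributable."""
    out: Dict[str, List[NetEvent]] = {"sample": [], "background": [], "unknown": []}
    for ev in events:
        owner = find_instance(procs, ev.pid, ev.ts)
        if owner is None:
            out["unknown"].append(ev)
        elif is_descendant_of(procs, owner, root):
            out["sample"].append(ev)
        else:
            out["background"].append(ev)
    return out

# Constructed process instances (see module docstring for what is assumed).
EXPLORER = Proc(5168, None, "explorer.exe", 0.0, None)
WINRAR = Proc(7524, 5168, "WinRAR.exe", 10.0, None)
PROCS = [
    EXPLORER,
    WINRAR,
    Proc(148, 7524, "regedit.exe", 12.0, 12.5),    # first use of PID 148, child of WinRAR.exe
    Proc(148, 5168, "regedit.exe", 40.0, 41.0),    # PID 148 reused by an explorer.exe-launched import
    Proc(7200, 7524, "cmd.exe", 50.0, 55.0),
    Proc(144, 7200, "net.exe", 51.0, 51.2),
    Proc(1568, 7200, "net.exe", 52.0, 52.2),
    Proc(6768, None, "MoUsoCoreWorker.exe", 0.0, None),
    Proc(2856, None, "svchost.exe", 0.0, None),
    Proc(7268, None, "SIHClient.exe", 0.0, None),
    Proc(4680, None, "svchost.exe", 0.0, None),
]

# Destinations from the report's tables, plus hypothetical events to show the
# PID-reuse case (the report lists no traffic from the sample's tree).
EVENTS = [
    NetEvent(6768, 20.0, "settings-win.data.microsoft.com:443"),
    NetEvent(2856, 21.0, "login.live.com:443"),
    NetEvent(7268, 22.0, "slscr.update.microsoft.com:443"),
    NetEvent(4680, 23.0, "crl.microsoft.com:80"),
    NetEvent(148, 12.2, "example.invalid:443"),    # hypothetical: during WinRAR's regedit
    NetEvent(148, 40.5, "example.invalid:443"),    # hypothetical: during explorer's regedit
    NetEvent(9999, 30.0, "example.invalid:443"),   # hypothetical: PID never seen
]

if __name__ == "__main__":
    for bucket, evs in attribute(PROCS, EVENTS, WINRAR).items():
        print(bucket, [(e.pid, e.dst) for e in evs])
```

With the real process start and end times from the full report's process list, the same two lookups separate the sample's traffic from the guest's own, and the two PID-148 events land in different buckets even though they share a PID.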

Threats

PID | Process | Class | Message
PID: (not recorded) | Process: (not recorded) | Class: Unknown Traffic | Message: ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info