File name:

hkexplr.rar

Full analysis: https://app.any.run/tasks/ea2a8fda-9040-4a07-bf3e-6d0ad197ff39
Verdict: Malicious activity
Analysis date: January 09, 2025, 03:32:03
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

B5F95DEEEE017593D23C9517D621A044

SHA1:

E12329C01CDAD544770926A8701F9F6B57973539

SHA256:

E13EF534888F3CB876D78C8F299F6EE6BD10155B060FE37C3C7BBEC744D2C9A2

SSDEEP:

3072:y5Lr1E8sY7SlYNO3JUwUnzS3wEM0S4QfLFv:or1E8j7S6IDwOjmv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 9308)
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 6400)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6400)
      • ShellExperienceHost.exe (PID: 8)
      • ScreenClippingHost.exe (PID: 9256)
      • GameBar.exe (PID: 7180)
      • sapisvr.exe (PID: 10004)
      • OneDrive.exe (PID: 2136)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
    • Creates/Modifies COM task schedule object

      • OneDrive.exe (PID: 2136)
      • MicrosoftEdgeUpdate.exe (PID: 6292)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9260)
    • Process drops legitimate windows executable

      • wv298A9.tmp (PID: 11716)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
    • Executable content was dropped or overwritten

      • quickassist.exe (PID: 9360)
      • wv298A9.tmp (PID: 11716)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
    • Starts a Microsoft application from unusual location

      • wv298A9.tmp (PID: 11716)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
    • Starts application with an unusual extension

      • quickassist.exe (PID: 9360)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 9308)
    • Checks Windows Trust Settings

      • OneDrive.exe (PID: 2136)
  • INFO

    • The sample compiled with English language support

      • WinRAR.exe (PID: 6400)
      • quickassist.exe (PID: 9360)
      • wv298A9.tmp (PID: 11716)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
    • Checks supported languages

      • hkexplr.exe (PID: 6276)
      • OneDrive.exe (PID: 2136)
      • ShellExperienceHost.exe (PID: 8)
      • ScreenClippingHost.exe (PID: 9256)
      • sapisvr.exe (PID: 10004)
      • wv298A9.tmp (PID: 11716)
      • GameBar.exe (PID: 7180)
      • MicrosoftEdgeUpdate.exe (PID: 6292)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1228)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8552)
      • MicrosoftEdgeUpdate.exe (PID: 1540)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
      • MicrosoftEdgeUpdate.exe (PID: 12184)
      • MicrosoftEdgeUpdate.exe (PID: 2804)
    • Manual execution by a user

      • OUTLOOK.EXE (PID: 4556)
      • POWERPNT.EXE (PID: 396)
      • WINWORD.EXE (PID: 4716)
      • OneDrive.exe (PID: 2136)
      • EXCEL.EXE (PID: 3288)
      • msedge.exe (PID: 4672)
      • msedge.exe (PID: 4824)
      • msedge.exe (PID: 5548)
      • quickassist.exe (PID: 7736)
      • osk.exe (PID: 7640)
      • sapisvr.exe (PID: 7824)
      • msedge.exe (PID: 7928)
      • WinRAR.exe (PID: 8128)
      • firefox.exe (PID: 7444)
      • firefox.exe (PID: 4520)
      • WinRAR.exe (PID: 4400)
      • firefox.exe (PID: 7620)
      • rundll32.exe (PID: 8332)
      • msedge.exe (PID: 7324)
      • osk.exe (PID: 8636)
      • msedge.exe (PID: 8412)
      • firefox.exe (PID: 8504)
      • msedge.exe (PID: 5236)
      • sapisvr.exe (PID: 10004)
      • quickassist.exe (PID: 9360)
      • firefox.exe (PID: 8908)
    • Reads the computer name

      • hkexplr.exe (PID: 6276)
      • ShellExperienceHost.exe (PID: 8)
      • OneDrive.exe (PID: 2136)
      • ScreenClippingHost.exe (PID: 9256)
      • GameBar.exe (PID: 7180)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
      • MicrosoftEdgeUpdate.exe (PID: 6292)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9260)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8552)
      • MicrosoftEdgeUpdate.exe (PID: 2804)
      • MicrosoftEdgeUpdate.exe (PID: 12184)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6400)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 6400)
    • Creates files or folders in the user directory

      • OneDrive.exe (PID: 2136)
      • quickassist.exe (PID: 9360)
      • MicrosoftEdgeUpdate.exe (PID: 9308)
    • Application launched itself

      • msedge.exe (PID: 5548)
      • firefox.exe (PID: 7444)
      • firefox.exe (PID: 8504)
      • firefox.exe (PID: 8224)
      • firefox.exe (PID: 8908)
    • Reads the machine GUID from the registry

      • OneDrive.exe (PID: 2136)
      • HelpPane.exe (PID: 9224)
    • Reads security settings of Internet Explorer

      • quickassist.exe (PID: 9360)
      • HelpPane.exe (PID: 9224)
    • Sends debugging messages

      • quickassist.exe (PID: 9360)
    • Reads the time zone

      • OneDrive.exe (PID: 2136)
    • Reads the software policy settings

      • quickassist.exe (PID: 9360)
      • OneDrive.exe (PID: 2136)
    • Reads CPU info

      • OneDrive.exe (PID: 2136)
    • Checks proxy server information

      • quickassist.exe (PID: 9360)
      • OneDrive.exe (PID: 2136)
      • MicrosoftEdgeUpdate.exe (PID: 12184)
      • MicrosoftEdgeUpdate.exe (PID: 2804)
    • Create files in a temporary directory

      • wv298A9.tmp (PID: 11716)
    • Process checks computer location settings

      • ShellExperienceHost.exe (PID: 8)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 12184)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

FileVersion: RAR v4
CompressedSize: 14267
UncompressedSize: 49152
OperatingSystem: Win32
ModifyDate: 2009:12:15 17:54:32
PackingMethod: Normal
ArchivedFileName: hkcmdr.sys
No data.
All screenshots are available in the full report
Total processes
265
Monitored processes
87
Malicious processes
4
Suspicious processes
1

Behavior graph

start winrar.exe hkexplr.exe no specs onedrive.exe outlook.exe powerpnt.exe winword.exe shellexperiencehost.exe no specs msedge.exe no specs excel.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs osk.exe no specs quickassist.exe no specs sapisvr.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs firefox.exe no specs winrar.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs firefox.exe msedge.exe no specs firefox.exe no specs msedge.exe no specs firefox.exe rundll32.exe no specs msedge.exe no specs firefox.exe no specs firefox.exe no specs osk.exe firefox.exe no specs firefox.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs rundll32.exe no specs msedge.exe no specs helppane.exe no specs screenclippinghost.exe no specs quickassist.exe firefox.exe no specs firefox.exe no specs sapisvr.exe gamebar.exe no specs DockInterface COM server no specs ai.exe no specs firefox.exe no specs msedge.exe no specs msedge.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs UIAutomationCrossBitnessHook32 Class no specs wv298a9.tmp msedge.exe no specs systemsettingsbroker.exe no specs speechuxwiz.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgeupdate.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs UIAutomationCrossBitnessHook32 Class no specs msedge.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe msedge.exe no specs

Process information

Columns: PID / CMD / Path / Indicators / Parent process

PID: 8
CMD: "C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Shell Experience Host
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wincorlib.dll
PID: 396
CMD: "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"
Path: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft PowerPoint
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\powerpnt.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 748
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7140 --field-trial-handle=2380,i,13096527659092363490,2595130705883778488,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
PID: 936
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=7568 --field-trial-handle=2380,i,13096527659092363490,2595130705883778488,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1228
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.43
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.43\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1540
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{5045CFC9-A151-4870-B9F8-A30F767D0EE5}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.195.43
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 2136
CMD: "C:\Users\admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft OneDrive
Version:
19.043.0304.0013
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 2804
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.195.43
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 3288
CMD: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"
Path: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Excel
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\excel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
PID: 3680
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4552 --field-trial-handle=2380,i,13096527659092363490,2595130705883778488,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
67 505
Read events
65 661
Write events
1 719
Delete events
125

Modification events

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\hkexplr.rar

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6400) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (4824) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (4824) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2
Executable files
249
Suspicious files
443
Text files
96
Unknown types
0

Dropped files

Columns: PID / Process / Filename / Type

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF136f57.TMP
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1370de.TMP
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1370de.TMP
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Type: binary
MD5: 1E9E15EF6E531C4557100F20C9C76F01
SHA256: 46CB063CC268B69B172660F166C4394D5B4EDD802388B3EC16766DEBDB9F86C3

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF13711c.TMP
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
Type:
MD5:
SHA256:

PID: 5548
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF13712c.TMP
Type:
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
182
DNS requests
145
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
184.30.230.103:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
184.30.230.103:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6100
SystemSettings.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6100
SystemSettings.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
4716
WINWORD.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
9360
quickassist.exe
GET
200
184.30.230.103:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
184.30.230.103:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
4712
MoUsoCoreWorker.exe
184.30.230.103:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
2.23.227.215:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted
1176
svchost.exe
20.190.159.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.72
whitelisted
www.microsoft.com
  • 184.30.230.103
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.bing.com
  • 2.23.227.215
  • 2.23.227.208
whitelisted
login.live.com
  • 20.190.159.71
  • 40.126.31.71
  • 20.190.159.23
  • 20.190.159.68
  • 20.190.159.64
  • 20.190.159.75
  • 20.190.159.0
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.56.254.14
  • 184.28.89.167
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

No threats detected
Process
Message
quickassist.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.