File name:

Desktop Goose v0.31.zip

Full analysis: https://app.any.run/tasks/c925eaf0-25cc-4cca-8d15-168baeb900db
Verdict: Malicious activity
Analysis date: May 25, 2025, 00:15:33
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
arch-doc
nodejs
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

EAAD0961B52B14D9A323F092EF307D8A

SHA1:

FEB3AEDF16432B063FF93C90623A865A1FD5214A

SHA256:

E66264065923676807FD6D7B36F7C9DC52DB9EF1C5399B2811738EB5E22A30F6

SSDEEP:

98304:r2s1pAKXHAqe3S1s+2FpwDhbJ/XKGEzJKiMR7:dHAqEDP6D5J/tE1K3R7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 7684)

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • Skype.exe (PID: 7916)

    • The process executes via Task Scheduler

      • PLUGScheduler.exe (PID: 3024)

    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 5600)

    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 7812)

    • Application launched itself

      • Skype.exe (PID: 7812)

  • INFO

    • Reads the machine GUID from the registry

      • GooseDesktop.exe (PID: 8108)
      • GooseDesktop.exe (PID: 5556)

    • Checks supported languages

      • GooseDesktop.exe (PID: 8108)
      • GooseDesktop.exe (PID: 5556)
      • ShellExperienceHost.exe (PID: 5600)

    • Manual execution by a user

      • GooseDesktop.exe (PID: 8108)
      • GooseDesktop.exe (PID: 5556)
      • firefox.exe (PID: 6268)
      • GooseDesktop.exe (PID: 6228)
      • Skype.exe (PID: 7812)
      • chrome.exe (PID: 1132)
      • GooseDesktop.exe (PID: 6320)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7684)

    • Reads the computer name

      • GooseDesktop.exe (PID: 8108)
      • GooseDesktop.exe (PID: 5556)
      • ShellExperienceHost.exe (PID: 5600)

    • Application launched itself

      • firefox.exe (PID: 6268)
      • chrome.exe (PID: 1132)
      • firefox.exe (PID: 1012)

    • Node.js compiler has been detected

      • Skype.exe (PID: 3800)
      • Skype.exe (PID: 7916)
      • Skype.exe (PID: 7812)
      • Skype.exe (PID: 6244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (33.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2022:10:07 15:56:12
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Desktop Goose v0.31/DesktopGoose v0.31/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
307
Monitored processes
53
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs goosedesktop.exe no specs goosedesktop.exe slui.exe shellexperiencehost.exe no specs rundll32.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs skype.exe skype.exe no specs skype.exe no specs skype.exe reg.exe no specs conhost.exe no specs skype.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs skype.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs plugscheduler.exe no specs goosedesktop.exe no specs goosedesktop.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
744"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3684 --field-trial-handle=1924,i,17266986424261216749,16796134871873530456,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1012"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1040"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2152 -parentBuildID 20240213221259 -prefsHandle 2144 -prefMapHandle 2132 -prefsLen 31031 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1b9f092-addf-4665-864a-3c6087fa96af} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 18611681110 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
1132\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exereg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1132"C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2192"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -childID 3 -isForBrowser -prefsHandle 5124 -prefMapHandle 4236 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1496 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b3866f1-64d3-465a-9494-856232c5187e} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 18626ee5310 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll
2340C:\WINDOWS\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\microsoft-edge\UserChoice /v ProgIdC:\Windows\SysWOW64\reg.exeSkype.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2432"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4812 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 4924 -prefMapHandle 4920 -prefsLen 36588 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca67d011-b2df-41c9-a162-36e5962c9c42} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 186269e3b10 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\msvcp140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll
2852"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240213221259 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {603d3e8d-2010-4c5a-a58d-d41f2fa69d0b} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 1861e3f0410 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
2984"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5884 -childID 6 -isForBrowser -prefsHandle 5896 -prefMapHandle 5892 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 1496 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {461c128d-6e21-4c6f-9b72-e1faea9f689d} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 186269a5d90 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
30 349
Read events
30 196
Write events
130
Delete events
23

Modification events

(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\Desktop Goose v0.31.zip
(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(7684) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(8108) GooseDesktop.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
Operation:writeName:FriendlyName
Value:
Default MidiOut Device
(PID) Process:(8108) GooseDesktop.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
Operation:writeName:CLSID
Value:
{07B65360-C445-11CE-AFDE-00AA006C14F4}
Executable files
9
Suspicious files
350
Text files
87
Unknown types
4

Dropped files

PID
Process
Filename
Type
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Images\Memes\Meme5.pngimage
MD5:01F620EDA22AE06FBCC60500374FDD88
SHA256:F8A5D603018A04375B7B19FE72034F904E6A91237B68E196BD2B626519D6EF03
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Sound\NotEmbedded\MudSquith.mp3binary
MD5:B2354D238829D09C54E272D8B4F60189
SHA256:D5281BA99731FE3C443B6B2D18960A49E74B5B407956D3E1A3CDE360F86573BA
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Sound\NotEmbedded\BITE.mp3binary
MD5:5436E6AEBABF071C1D832071A01B8BCD
SHA256:2BF822B86E4ADABCE83A796DE15FBBFEB75FF82C3BC1ED2A0F5286962915D362
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Sound\Music\Rename me to just Music.mp3binary
MD5:3C954D9B4B6D739EF833FE72511F258B
SHA256:1427EC3E3E50C1402C1FA182F0B1BDE0A0A3274DBF1A89FB13B787359BD1C8A6
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Images\Memes\Meme7.pngimage
MD5:245F29E1E0905C497306C8F06F503244
SHA256:9E3B5C5158686F49BC91D41D1215E8DF9322A092B7C9015E8F9228CFBE4C61E3
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Images\Memes\Meme3.pngimage
MD5:CEF6B9818BC01655614FB969CFFC155F
SHA256:37BC0E217C6D6BF3EAF31072C02F010E785F4935ABE9849FBEE96D586D0904A7
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Images\Memes\Meme2.pngimage
MD5:4F21B82BAC2893AFEC41A77EB024E3BB
SHA256:77AA8C017272C774BB0BB59D21A409DF09635676443919C7E5523ABE3908AE88
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Images\MemeAttributions.txttext
MD5:FC280867F6CF727FF169B24371019A93
SHA256:C6134785BB0927CCE100B3B02EC08EDFA0A3E485F16B2481EE28F8CFAD208AB7
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Images\Memes\Meme1.pngimage
MD5:EC6A7941AA0D1C3CD0A7B724324FBB96
SHA256:FE5EE195C07EBFC789F15CE771CC0F003AE43C0D5115C193D0F876DE00C18DBE
7684WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7684.46156\Desktop Goose v0.31\DesktopGoose v0.31\Assets\Images\Memes\Meme4.pngimage
MD5:AF4BEF7B9F4F37AC62E782B5B59D02AA
SHA256:9FCC9A9ADCD231656E848B9B42BAB449EA5A083CBF3A7A987C2E52963D9CF6D0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
36
TCP/UDP connections
148
DNS requests
168
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7780
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7780
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1012
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
1012
firefox.exe
POST
200
2.16.206.143:80
http://r11.o.lencr.org/
unknown
whitelisted
1012
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
1012
firefox.exe
POST
200
2.16.206.143:80
http://r11.o.lencr.org/
unknown
whitelisted
1012
firefox.exe
POST
200
142.250.185.163:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6724
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2112
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.20:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 2.23.181.156
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.20
  • 40.126.32.68
  • 20.190.160.5
  • 40.126.32.76
  • 20.190.160.2
  • 20.190.160.132
  • 20.190.160.130
  • 40.126.32.140
  • 20.190.159.71
  • 20.190.159.129
  • 40.126.31.67
  • 40.126.31.3
  • 20.190.159.64
  • 20.190.159.68
  • 20.190.159.2
  • 40.126.31.69
  • 20.190.160.17
  • 40.126.32.134
  • 40.126.32.74
  • 40.126.32.133
  • 20.190.160.3
  • 20.190.160.64
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 23.63.118.230
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Desktop Goose v0.31.zip