File name: siinst.exe

Full analysis: https://app.any.run/tasks/c8f495ff-dbe1-43ed-abff-8995ec67acd0
Verdict: Malicious activity
Analysis date: February 16, 2024, 22:28:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 18BC238BF7CA4F9DAD610604B857180A
SHA1: C4A46C5883762368C24D3E944F409AAD54C3BF31
SHA256: E7C2536EFB15B2137C4F4C07A94EBE37D396CEE2FFF0DFFE14BDBE4F8254E9DB
SSDEEP: 98304:6Yh+e+XdXD7IJkTi6PP4At/bgc50dPV5qnY:6Yke+NvIkz9/brOdPVcY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • siinst.exe (PID: 3668)
      • softinfo.exe (PID: 3180)
      • siinst.tmp (PID: 3944)
      • siinst.exe (PID: 2840)
    • Changes the autorun value in the registry

      • siinst.tmp (PID: 3944)
    • Uses Task Scheduler to autorun other applications

      • siinst.tmp (PID: 3944)
    • Actions look like stealing of personal data

      • softinfo.exe (PID: 3180)
  • SUSPICIOUS

    • The process drops C-runtime libraries

      • siinst.tmp (PID: 3944)
    • Executable content was dropped or overwritten

      • siinst.tmp (PID: 3944)
      • siinst.exe (PID: 3668)
      • siinst.exe (PID: 2840)
      • softinfo.exe (PID: 3180)
    • Changes Internet Explorer settings (feature browser emulation)

      • siinst.tmp (PID: 3944)
    • Reads the Internet Settings

      • softinfo.exe (PID: 2636)
      • softinfo.exe (PID: 3180)
    • Searches for installed software

      • softinfo.exe (PID: 3180)
    • Reads security settings of Internet Explorer

      • softinfo.exe (PID: 3180)
    • Reads Microsoft Outlook installation path

      • softinfo.exe (PID: 3180)
    • Reads Internet Explorer settings

      • softinfo.exe (PID: 3180)
    • Reads settings of System Certificates

      • softinfo.exe (PID: 3180)
    • Checks Windows Trust Settings

      • softinfo.exe (PID: 3180)
    • Reads the Windows owner or organization settings

      • siinst.tmp (PID: 3944)
    • Process drops legitimate windows executable

      • siinst.tmp (PID: 3944)
  • INFO

    • Create files in a temporary directory

      • siinst.exe (PID: 3668)
      • siinst.exe (PID: 2840)
      • softinfo.exe (PID: 3180)
      • siinst.tmp (PID: 3944)
    • Checks supported languages

      • siinst.exe (PID: 3668)
      • siinst.tmp (PID: 3700)
      • siinst.exe (PID: 2840)
      • softinfo.exe (PID: 2636)
      • softinfo.exe (PID: 3180)
      • siinst.tmp (PID: 3944)
    • Creates files or folders in the user directory

      • siinst.tmp (PID: 3944)
      • softinfo.exe (PID: 3180)
    • Reads the computer name

      • siinst.tmp (PID: 3944)
      • siinst.tmp (PID: 3700)
      • softinfo.exe (PID: 2636)
      • softinfo.exe (PID: 3180)
    • Creates files in the program directory

      • siinst.tmp (PID: 3944)
      • softinfo.exe (PID: 3180)
    • Creates a software uninstall entry

      • siinst.tmp (PID: 3944)
    • Checks proxy server information

      • softinfo.exe (PID: 2636)
      • softinfo.exe (PID: 3180)
    • Reads the machine GUID from the registry

      • softinfo.exe (PID: 2636)
      • softinfo.exe (PID: 3180)
    • Reads CPU info

      • softinfo.exe (PID: 2636)
    • Reads the time zone

      • softinfo.exe (PID: 2636)
    • Reads Internet Explorer settings

      • OUTLOOK.EXE (PID: 2764)
    • Application launched itself

      • msedge.exe (PID: 2336)
      • msedge.exe (PID: 2792)
    • Reads the software policy settings

      • softinfo.exe (PID: 3180)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (45.2)
.dll | Win32 Dynamic Link Library (generic) (20.9)
.exe | Win32 Executable (generic) (14.3)
.exe | Win16/32 Executable Delphi generic (6.6)
.exe | Generic Win/DOS Executable (6.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:01:15 08:22:50+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 53248
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Informer Technologies, Inc.
FileDescription: Software Informer Setup
FileVersion:
LegalCopyright:
ProductName: Software Informer
ProductVersion:
No data.
All screenshots are available in the full report
Total processes: 79
Monitored processes: 34
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Process chain shown in the graph (in order): start → siinst.exe → siinst.tmp → siinst.exe → siinst.tmp → softinfo.exe → schtasks.exe → softinfo.exe → msedge.exe (with many msedge.exe child processes) → outlook.exe → further msedge.exe child processes. Nodes marked "no specs" in the graph carry no indicators.

Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID: 448
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 680
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 752
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2272 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 880
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5060 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 900
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 1604
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 1604
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 1608
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1588 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 1816
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x67cef598,0x67cef5a8,0x67cef5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448

PID: 2024
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1528 --field-trial-handle=1356,i,14692157785028363800,10064871076366719362,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images): the same ten images as listed for PID 448
Total events: 30 462
Read events: 30 161
Write events: 246
Delete events: 55

Modification events

(PID 3944) siinst.tmp
Key: HKEY_CURRENT_USER\Software\Informer Technologies, Inc.\Software Informer
Operation: write | Name: Path
Value: C:\Program Files\Software Informer

(PID 3944) siinst.tmp
Key: HKEY_CURRENT_USER\Software\Informer Technologies, Inc.\Software Informer\Settings
Operation: write | Name: DisablePUL
Value: 0

(PID 3944) siinst.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation: write | Name: Software Informer
Value: "C:\Program Files\Software Informer\softinfo.exe" -autorun

(PID 3944) siinst.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation: delete value | Name: fsm
Value: (none)

(PID 3944) siinst.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\softinfo.exe
Operation: write | Name: DumpFolder
Value: C:\Users\admin\AppData\Roaming\Software Informer\WerDumps

(PID 3944) siinst.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\softinfo.exe
Operation: write | Name: DumpCount
Value: 3

(PID 3944) siinst.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write | Name: softinfo.exe
Value: 11000

(PID 3944) siinst.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write | Name: softinfo.exe
Value: 11000

(PID 3944) siinst.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING
Operation: write | Name: softinfo.exe
Value: 0

(PID 3944) siinst.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING
Operation: write | Name: softinfo.exe
Value: 0
Executable files: 30
Suspicious files: 154
Text files: 410
Unknown types: 82

Dropped files

Columns: PID | Process | Filename | Type

3944 | siinst.tmp | C:\Program Files\Software Informer\is-U5UOF.tmp | executable
MD5: 8AD0AE6B1737AB59E704A3377BB047E0
SHA256: 37C987E7845824C4CB73734AB3864DBA439599C4A37DF6A637E30CE50971A40F

3944 | siinst.tmp | C:\Program Files\Software Informer\unins000.exe | executable
MD5: 2A478D6E4134BBA048226B1C055F70B2
SHA256: 9D11AB1BA6D95008CE302C1BA7AB6EBA6436760751F33A3E250E59CCD18486D2

3944 | siinst.tmp | C:\Program Files\Software Informer\is-K2JEN.tmp | executable
MD5: 599EF2503ED367A4E0E39921A6CCE9EF
SHA256: E6347F8ADAF118748055BA64BB545A89614E056670FFBBB76CD5CB6FACA688DA

3944 | siinst.tmp | C:\Program Files\Software Informer\is-53PCO.tmp | executable
MD5: 0D127254F49DC2E10876C08B8A4491F5
SHA256: 8077F7C4F693AED7B48A458DDB5D03ED6883DBA7DB6F9BC4AAE03BB8C929C484

3944 | siinst.tmp | C:\Program Files\Software Informer\is-UV7CL.tmp | executable
MD5: 2A478D6E4134BBA048226B1C055F70B2
SHA256: 9D11AB1BA6D95008CE302C1BA7AB6EBA6436760751F33A3E250E59CCD18486D2

3944 | siinst.tmp | C:\Program Files\Software Informer\is-FG70Q.tmp | executable
MD5: 1EE8D767059ED6A729AD941210D7A0CB
SHA256: 3311E3BA5F6CCC3010FA925DB20D34651CACCA9F83BF15715047285515C4A9F7

3944 | siinst.tmp | C:\Program Files\Software Informer\core.dll | executable
MD5: 8AD0AE6B1737AB59E704A3377BB047E0
SHA256: 37C987E7845824C4CB73734AB3864DBA439599C4A37DF6A637E30CE50971A40F

3944 | siinst.tmp | C:\Program Files\Software Informer\softinfo.exe | executable
MD5: 398F22CF8662F50A723EE3FDD05A742D
SHA256: 40BD37FB7519F69DE6CFF0DF345ABC819DD11460134196EE650AD795A98B51CB

3944 | siinst.tmp | C:\Program Files\Software Informer\sbtn.dll | executable
MD5: 0D127254F49DC2E10876C08B8A4491F5
SHA256: 8077F7C4F693AED7B48A458DDB5D03ED6883DBA7DB6F9BC4AAE03BB8C929C484

3944 | siinst.tmp | C:\Program Files\Software Informer\is-RO4EV.tmp | binary
MD5: 571353057FC3A44CE4B458D262A3F442
SHA256: D63663F4253A244A553D64BDCB1B41EEB19BBCBE22681080C964C65D480DAC29
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 14
TCP/UDP connections: 157
DNS requests: 76
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

3180 | softinfo.exe | GET | 304 | 93.184.221.240:80
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f662c1db8f54f176
CN: unknown | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 104.18.38.233:80
URL: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
CN: unknown | Type: binary | Size: 1.42 Kb | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 172.64.149.23:80
URL: http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDlubT3XUfB0sSasgxSuLVn
CN: unknown | Type: binary | Size: 472 b | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 172.64.149.23:80
URL: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
CN: unknown | Type: binary | Size: 2.18 Kb | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 74.117.179.74:80
URL: http://si5-s0.infcdn.net/img/win_v3/background.png
CN: unknown | Type: image | Size: 16.8 Kb | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 142.250.185.131:80
URL: http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
CN: unknown | Type: binary | Size: 1.41 Kb | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 74.117.179.74:80
URL: http://si5-s0.infcdn.net/img/win_v3/refresh_bg.png
CN: unknown | Type: image | Size: 4.52 Kb | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 142.250.185.131:80
URL: http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
CN: unknown | Type: binary | Size: 724 b | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 142.250.185.131:80
URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCG5mYmc5exBwr3zurLpXnC
CN: unknown | Type: binary | Size: 472 b | Reputation: unknown

3180 | softinfo.exe | GET | 200 | 172.64.149.23:80
URL: http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDULZtoZwMKKCpIv95kbt0N
CN: unknown | Type: binary | Size: 472 b | Reputation: unknown

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | Reputation: whitelisted
4 | System | 192.168.100.255:137 | Reputation: whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | Reputation: unknown
3180 | softinfo.exe | 208.88.224.105:443 | si.informer.com | ASN: WZCOM | CN: US | Reputation: unknown
3180 | softinfo.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | ASN: EDGECAST | CN: GB | Reputation: whitelisted
3180 | softinfo.exe | 104.18.38.233:80 | ocsp.comodoca.com | ASN: CLOUDFLARENET | Reputation: shared
3180 | softinfo.exe | 172.64.149.23:80 | ocsp.comodoca.com | ASN: CLOUDFLARENET | CN: US | Reputation: unknown
3180 | softinfo.exe | 74.117.179.70:443 | img.informer.com | ASN: WZCOM | CN: US | Reputation: unknown
3180 | softinfo.exe | 216.58.212.136:443 | ssl.google-analytics.com | ASN: GOOGLE | CN: US | Reputation: whitelisted
3180 | softinfo.exe | 74.117.179.74:443 | si5-s0.infcdn.net | ASN: WZCOM | CN: US | Reputation: unknown

DNS requests

Columns: Domain | IP(s) | Reputation

si.informer.com | 208.88.224.105 | unknown
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
ocsp.comodoca.com | 104.18.38.233, 172.64.149.23 | whitelisted
ocsp.usertrust.com | 172.64.149.23, 104.18.38.233 | whitelisted
ocsp.sectigo.com | 172.64.149.23, 104.18.38.233 | whitelisted
si5.informer.com | 208.88.224.105 | unknown
img.informer.com | 74.117.179.70 | whitelisted
ssl.google-analytics.com | 216.58.212.136 | whitelisted
si5-s0.infcdn.net | 74.117.179.74 | unknown
www.google-analytics.com | 216.239.36.178, 216.239.38.178, 216.239.32.178, 216.239.34.178 | whitelisted

Threats

No threats detected

Debug output

Columns: Process | Message

msedge.exe | [0216/222940.742:ERROR:exception_handler_server.cc(527)] ConnectNamedPipe: The pipe is being closed. (0xE8)