File name: Prince.v1.0.0.zip

Full analysis: https://app.any.run/tasks/edf7f750-623a-4a63-9897-d2001780fd0b
Verdict: Malicious activity
Threats:

Stealers are a category of malware designed to gain unauthorized access to users' information and exfiltrate it to the attacker. The category covers programs that each target a particular kind of data, such as files, passwords, or cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: August 31, 2024, 09:07:07
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: 63CDEEEFFA6EAA423513F2D2C3FD5DA0
SHA1: 60AEB511BB1F738452F26A2EA9D08C950C94CB03
SHA256: E7C8FC74E31020A6C52C225C143A58C1243EC86E00FCD9038B8194418F8E3603
SSDEEP: 98304:FF89yL68NgbSigfNsh0SCV0pOOGEX46EA3QicU1aHq7sZsd9F9AmsvIccFomLMqG:eNmoLjFWtMemM

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • WinRAR.exe (PID: 320)
  • SUSPICIOUS

    • Starts CMD.EXE for command execution

      • Builder.exe (PID: 7332)
      • main.exe (PID: 7280)
      • main.exe (PID: 8028)
      • Builder.exe (PID: 7240)
  • INFO

    • The process uses the downloaded file

      • WinRAR.exe (PID: 320)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 320)
    • Checks supported languages

      • identity_helper.exe (PID: 3832)
      • Builder.exe (PID: 7332)
      • main.exe (PID: 6248)
      • main.exe (PID: 7280)
      • main.exe (PID: 8028)
      • Builder.exe (PID: 7240)
    • Manual execution by a user

      • msedge.exe (PID: 7084)
      • notepad.exe (PID: 8088)
      • main.exe (PID: 6248)
      • cmd.exe (PID: 8172)
      • Builder.exe (PID: 7332)
      • main.exe (PID: 7280)
      • main.exe (PID: 8028)
      • Builder.exe (PID: 7240)
      • cmd.exe (PID: 8108)
    • Reads the computer name

      • identity_helper.exe (PID: 3832)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 7084)
    • Reads Environment values

      • identity_helper.exe (PID: 3832)
    • Reads the software policy settings

      • slui.exe (PID: 6956)
      • slui.exe (PID: 3700)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 8088)
    • Application launched itself

      • msedge.exe (PID: 7084)
    • Checks proxy server information

      • slui.exe (PID: 3700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:07:04 08:06:06
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Prince v1.0.0/
No data.
All screenshots are available in the full report
Total processes: 211
Monitored processes: 81
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes shown in the graph (flattened from the interactive view): winrar.exe, rundll32.exe, msedge.exe (many instances), identity_helper.exe, sppextcomobj.exe, slui.exe, notepad.exe, cmd.exe, conhost.exe, builder.exe, main.exe

Process information

PID: 320
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\Prince.v1.0.0.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x2f8,0x310,0x7fffd2ec5fd8,0x7fffd2ec5fe4,0x7fffd2ec5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1404
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6356 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 2032
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6412 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 2136
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4796 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 2492
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2692 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 3104
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5612 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 3140
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2352 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 3244
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5584 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 3221226029
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll

PID: 3548
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7572 --field-trial-handle=2376,i,15450489820297889841,5449843134152162852,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Total events: 29 132
Read events: 28 684
Write events: 439
Delete events: 9

Modification events

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\Prince.v1.0.0.zip

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000

(PID) Process: (320) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\Desktop

Executable files: 6
Suspicious files: 327
Text files: 150
Unknown types: 0

Dropped files

PID | Process | Filename | Type

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Build.bat | text
  MD5: BA3F08ECDD98D8FE3360DE4A203F276B
  SHA256: 057C4D98F2D8EE103DAB1B5BB06BBD7E54AB7287D5C37E3EF5E1747186828E02

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Decryptor\.idea\discord.xml | xml
  MD5: 95F71D85833C0BAFAC1CB0AE51730E0B
  SHA256: 0F3216C34AC2703C55BB18B4661DFCE5EC49D3708043D8C0AED1575F9C5606D8

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Decryptor\.idea\modules.xml | xml
  MD5: C6831B9C5CC8084751E0CDC8C8E5BC4F
  SHA256: 7B3E0361B2005EE6D634834598983F0A162397BC7EC7DE6B3470F90A92F928D8

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Builder.exe | executable
  MD5: 0BFB38F717B041BA74683165ADFBF246
  SHA256: D011D5444D69CDAB11645333A5A0E98DA261F1617BD44B1718320F3AAB9550C1

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Decryptor\go.sum | text
  MD5: C5B87A947692D84A251C1B8E4DE8EFF7
  SHA256: 99E817D0EEE6EFEFB1DCAF5C7A62CCE989B8910259DE1C9678C156F1D70ABBA9

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Decryptor\configuration\configuration.go | text
  MD5: 053EF228CBF738E22C0DF513CAB8E751
  SHA256: A45D23612350AEAE091167B7BD6F22C064D573C4FB8AA43C0187C0BCEBCD5E91

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Decryptor\main.go | text
  MD5: 209D856E8E7B8461C8DB6BD58E19F5A7
  SHA256: EEC9F4A7612329A4ADF8636A6F21D5D23F79665E693B690EE01CD5AAC492FBAA

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Encryptor\.idea\.gitignore | text
  MD5: 9117C65ED9FF083256A86AF10AB88D65
  SHA256: 1BFDECE3645ED8ED356030F22CC2004DC3F401FF060AC3D24DE811C3BCD82E16

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Decryptor\.idea\vcs.xml | xml
  MD5: 1A16809A3A296B65911AB7B1B4CE2459
  SHA256: D0DF76DE3A966F51606B564EDCCC430DBC21C32EE5C3F35DCCF95597FAD81392

320 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa320.5315\Prince v1.0.0\Decryptor\go.mod | text
  MD5: AD377733D2F57BF27BF43973E7481529
  SHA256: 2C4EA761267BF2F5066E5FFFD44934658721D6826B627298EE211DE66FAF564B

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 32
TCP/UDP connections: 80
DNS requests: 91
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1124 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | | | whitelisted
1828 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | | | whitelisted
1124 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | | | whitelisted
6480 | svchost.exe | GET | 206 | 87.248.204.0:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725602131&P2=404&P3=2&P4=B5PJ53Cb5uWiQe4kuHzyGgJXNJ6eZhZHqIqyRx0wdA0Hd9cXts3%2bWdGcTMGRMIsUx5gkW9QLG4p10co%2f%2bEPGcg%3d%3d | unknown | | | whitelisted
6480 | svchost.exe | GET | 206 | 87.248.204.0:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725602131&P2=404&P3=2&P4=B5PJ53Cb5uWiQe4kuHzyGgJXNJ6eZhZHqIqyRx0wdA0Hd9cXts3%2bWdGcTMGRMIsUx5gkW9QLG4p10co%2f%2bEPGcg%3d%3d | unknown | | | whitelisted
6480 | svchost.exe | GET | 206 | 87.248.204.0:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725602131&P2=404&P3=2&P4=B5PJ53Cb5uWiQe4kuHzyGgJXNJ6eZhZHqIqyRx0wdA0Hd9cXts3%2bWdGcTMGRMIsUx5gkW9QLG4p10co%2f%2bEPGcg%3d%3d | unknown | | | whitelisted
6480 | svchost.exe | GET | 206 | 87.248.204.0:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725602131&P2=404&P3=2&P4=B5PJ53Cb5uWiQe4kuHzyGgJXNJ6eZhZHqIqyRx0wdA0Hd9cXts3%2bWdGcTMGRMIsUx5gkW9QLG4p10co%2f%2bEPGcg%3d%3d | unknown | | | whitelisted
6480 | svchost.exe | GET | 206 | 87.248.204.0:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725602131&P2=404&P3=2&P4=B5PJ53Cb5uWiQe4kuHzyGgJXNJ6eZhZHqIqyRx0wdA0Hd9cXts3%2bWdGcTMGRMIsUx5gkW9QLG4p10co%2f%2bEPGcg%3d%3d | unknown | | | whitelisted
6480 | svchost.exe | HEAD | 200 | 87.248.204.0:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/39120fc9-de56-4074-ab8a-7c851c15af3c?P1=1725602131&P2=404&P3=2&P4=QMmRP2AV0jEbiC2hqIhFc%2bzEcAm5%2fDIVsdk%2bWYUT00QqafqeDz9aahPTh1Y9fMycbkb35YdRdx2cuRq%2b0SVeiw%3d%3d | unknown | | | whitelisted
6480 | svchost.exe | GET | 206 | 87.248.204.0:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/39120fc9-de56-4074-ab8a-7c851c15af3c?P1=1725602131&P2=404&P3=2&P4=QMmRP2AV0jEbiC2hqIhFc%2bzEcAm5%2fDIVsdk%2bWYUT00QqafqeDz9aahPTh1Y9fMycbkb35YdRdx2cuRq%2b0SVeiw%3d%3d | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
6876 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6012 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
6876 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3260 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1828 | svchost.exe | 40.126.32.133:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1828 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 4.231.128.59, 20.73.194.208 | whitelisted
google.com | 216.58.206.46 | whitelisted
client.wns.windows.com | 40.113.103.199 | whitelisted
login.live.com | 40.126.32.133, 40.126.32.136, 20.190.160.22, 40.126.32.72, 20.190.160.20, 40.126.32.76, 20.190.160.17, 40.126.32.68 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
slscr.update.microsoft.com | 40.127.169.103 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
fe3cr.delivery.mp.microsoft.com | 13.95.31.18 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted

Threats

No threats detected
No debug info