| File name: | setup.exe |
| Full analysis: | https://app.any.run/tasks/9e1f3cc4-c1af-49b9-b1d2-cd2c3967569e |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 12:54:43 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32+ executable (GUI) x86-64, for MS Windows, 6 sections |
| MD5: | 2E36F00BB9A8326DFAA9A52ECA043EE5 |
| SHA1: | CE3A098BB3EFBA7A052CE935D8041EAC7F5C6E8D |
| SHA256: | E99BF73506D9DA8A78A87D40F931E70C717C8DC8E703394EB2F934DD918237B0 |
| SSDEEP: | 98304:xHX8IqXt40x4IYoXgzxGbryVfVYGC0q1lupnVEkHi8rSHrQ835NA1R0iObMX/TCe:sGfor6Sik0zw5jsiqozaSvy |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- setup.exe (PID: 6872)
Starts CMD.EXE for commands execution
- setup.exe (PID: 5164)
- setup.exe (PID: 3132)
- cmd.exe (PID: 1096)
- cmd.exe (PID: 1568)
- cmd.exe (PID: 1628)
Reads security settings of Internet Explorer
- setup.exe (PID: 5164)
- setup.exe (PID: 3132)
Application launched itself
- setup.exe (PID: 6872)
- cmd.exe (PID: 1568)
- cmd.exe (PID: 1096)
- cmd.exe (PID: 1628)
Hides command output
- cmd.exe (PID: 5436)
- cmd.exe (PID: 3888)
- cmd.exe (PID: 1804)
Uses NSLOOKUP.EXE to check DNS info
- cmd.exe (PID: 5436)
- cmd.exe (PID: 3888)
- cmd.exe (PID: 1804)
Using 'findstr.exe' to search for text patterns in files and output
- cmd.exe (PID: 5436)
- cmd.exe (PID: 3888)
- cmd.exe (PID: 1804)
- cmd.exe (PID: 1628)
Reads the date of Windows installation
- setup.exe (PID: 3132)
There is functionality for taking screenshot (YARA)
- setup.exe (PID: 6872)
Executing commands from ".cmd" file
- setup.exe (PID: 3132)
Runs PING.EXE to delay simulation
- cmd.exe (PID: 1628)
Uses NETSH.EXE to delete a firewall rule or allowed programs
- cmd.exe (PID: 1628)
The executable file from the user directory is run by the CMD process
- wget.exe (PID: 632)
- dnsx.exe (PID: 7148)
Process uses IPCONFIG to clear DNS cache
- cmd.exe (PID: 1628)
Uses NETSH.EXE to add a firewall rule or allowed programs
- cmd.exe (PID: 1628)
INFO
Checks supported languages
- setup.exe (PID: 5164)
- setup.exe (PID: 3132)
- setup.exe (PID: 6872)
- dnsx.exe (PID: 7148)
Reads the computer name
- setup.exe (PID: 6872)
- setup.exe (PID: 3132)
Changes file name
- cmd.exe (PID: 5344)
Create files in a temporary directory
- setup.exe (PID: 6872)
- dnsx.exe (PID: 7148)
Process checks computer location settings
- setup.exe (PID: 3132)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 2040)
- BackgroundTransferHost.exe (PID: 5892)
- BackgroundTransferHost.exe (PID: 1764)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 2040)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 2040)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Generic Win/DOS Executable (50) |
|---|---|---|
| .exe | | | DOS Executable Generic (49.9) |
EXIF
EXE
| MachineType: | AMD AMD64 |
|---|---|
| TimeStamp: | 2018:05:21 01:49:53+00:00 |
| ImageFileCharacteristics: | Executable, Large address aware |
| PEType: | PE32+ |
| LinkerVersion: | 10 |
| CodeSize: | 126976 |
| InitializedDataSize: | 146944 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x1f550 |
| OSVersion: | 5.2 |
| ImageVersion: | - |
| SubsystemVersion: | 5.2 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 7.0.0.0 |
| ProductVersionNumber: | 7.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Windows NT 32-bit |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Neutral |
| CharacterSet: | Unicode |
| CompanyName: | Adobe Systems Incorporated |
| FileDescription: | Adobe Setup |
| FileVersion: | 7.0.0.0 |
| InternalName: | PostInstall |
| LegalCopyright: | © 1990-2024 Adobe Systems Inc |
| OriginalFileName: | setup.exe |
| PrivateBuild: | September 14, 2024 |
| ProductName: | Setup |
| ProductVersion: | 7.0.0.0 |
Total processes
692
Monitored processes
565
Malicious processes
3
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 208 | findstr /l /c:",143.204.55.74," | C:\Windows\System32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 208 | findstr /l /c:",18.165.122.78," | C:\Windows\System32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 208 | findstr /l /c:",52.85.49.123," | C:\Windows\System32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 208 | C:\WINDOWS\system32\cmd.exe /S /D /c" echo ,108.156.22.32,108.156.22.44,108.156.22.46,108.156.22.63,13.227.219.41,13.227.219.60,13.227.219.63,13.227.219.90,143.204.55.10,143.204.55.100,143.204.55.102,143.204.55.103,143.204.55.113,143.204.55.115,143.204.55.117,143.204.55.118,143.204.55.12,143.204.55.123,143.204.55.126,143.204.55.127,143.204.55.15,143.204.55.16,143.204.55.18,143.204.55.20,143.204.55.21,143.204.55.22,143.204.55.23,143.204.55.24,143.204.55.28,143.204.55.29,143.204.55.31,143.204.55.35,143.204.55.36,143.204.55.39,143.204.55.41,143.204.55.46,143.204.55.48,143.204.55.49,143.204.55.5,143.204.55.50,143.204.55.53,143.204.55.54,143.204.55.6,143.204.55.60,143.204.55.64,143.204.55.69,143.204.55.73,143.204.55.74,143.204.55.77,143.204.55.81,143.204.55.83,143.204.55.85,143.204.55.86,143.204.55.87,143.204.55.88,143.204.55.9,143.204.55.90,143.204.55.93,143.204.55.94,143.204.55.95,143.204.55.97,18.165.122.23,18.165.122.27,18.165.122.31,18.165.122.47,18.165.122.5,18.165.122.73,18.165.122.74,18.165.122.78,18.165.122.82,18.165.122.88,18.165.122.93,18.165.122.95,18.165.140.11,18.165.140.116,18.165.140.121,18.165.140.125,18.165.140.39,18.165.140.57,18.165.140.62,18.165.140.74,18.165.140.8,18.165.140.89,18.165.140.91,18.165.140.92,18.239.36.105,18.239.36.111,18.239.36.125,18.239.36.14,18.239.36.25,18.239.36.4,18.239.36.53,18.239.36.69,18.239.36.75,18.239.36.78,18.239.36.84,18.239.36.99,18.239.69.102,18.239.69.105,18.239.69.123,18.239.69.15,18.239.69.32,18.239.69.33,18.239.69.40,18.239.69.41,18.239.69.49,18.239.69.56,18.239.69.59,18.239.69.62,18.239.69.67,18.239.69.71,18.239.69.79,18.239.69.81,18.239.69.90,18.239.69.94,18.239.69.97,18.239.83.113,18.239.83.14,18.239.83.27,18.239.83.87,18.239.94.26,18.239.94.73,18.239.94.80,18.239.94.85,18.65.39.126,18.65.39.23,18.65.39.27,18.65.39.37,18.65.39.41,18.65.39.56,18.65.39.78,18.65.39.97,3.164.206.100,3.164.206.104,3.164.206.107,3.164.206.120,3.164.206.3,3.164.206.35,3.164.206.4,3.164.206.48,3.164.206.51,3.164.206.61,3.164.206.65,3.164.206.8,3.164.206.83,3.164.206.85,3.164.206.90,3.164.206.97,3.164.68.10,3.164.68.100,3.164.68.105,3.164.68.128,3.164.68.13,3.164.68.2,3.164.68.20,3.164.68.34,3.164.68.35,3.164.68.36,3.164.68.37,3.164.68.40,3.164.68.47,3.164.68.54,3.164.68.59,3.164.68.66,3.164.68.70,3.164.68.79,3.164.68.81,3.164.68.83,3.164.68.87,3.164.68.96,3.164.68.99,52.85.49.102,52.85.49.108,52.85.49.112,52.85.49.121,52.85.49.122,52.85.49.123,52.85.49.124,52.85.49.126,52.85.49.127,52.85.49.129,52.85.49.13,52.85.49.16,52.85.49.18,52.85.49.19,52.85.49.22,52.85.49.30,52.85.49.42,52.85.49.49,52.85.49.53,52.85.49.54,52.85.49.60,52.85.49.62,52.85.49.66,52.85.49.71,52.85.49.72,52.85.49.73,52.85.49.74,52.85.49.77,52.85.49.78,52.85.49.80,52.85.49.86,52.85.49.89,52.85.49.94,52.85.49.96,52.85.49.99,54.240.174.100,54.240.174.102,54.240.174.104,54.240.174.105,54.240.174.110,54.240.174.112,54.240.174.113,54.240.174.115,54.240.174.117,54.240.174.118,54.240.174.119,54.240.174.121,54.240.174.123,54.240.174.126,54.240.174.15,54.240.174.16,54.240.174.17,54.240.174.19,54.240.174.23,54.240.174.26,54.240.174.28,54.240.174.3,54.240.174.30,54.240.174.39," | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 516 | nslookup -type=ns ic.adobe.io | C:\Windows\System32\nslookup.exe | cmd.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: nslookup Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 516 | findstr /l /c:",13.227.219.41," | C:\Windows\System32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 516 | findstr /l /c:",143.204.55.102," | C:\Windows\System32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 516 | C:\WINDOWS\system32\cmd.exe /S /D /c" echo ,108.156.22.32,108.156.22.44,108.156.22.46,108.156.22.63,13.227.219.41,13.227.219.60,13.227.219.63,13.227.219.90,143.204.55.10,143.204.55.100,143.204.55.102,143.204.55.103,143.204.55.113,143.204.55.115,143.204.55.117,143.204.55.118,143.204.55.12,143.204.55.123,143.204.55.126,143.204.55.127,143.204.55.15,143.204.55.16,143.204.55.18,143.204.55.20,143.204.55.21,143.204.55.22,143.204.55.23,143.204.55.24,143.204.55.28,143.204.55.29," | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 516 | findstr /l /c:",143.204.55.60," | C:\Windows\System32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 516 | C:\WINDOWS\system32\cmd.exe /S /D /c" echo ,108.156.22.32,108.156.22.44,108.156.22.46,108.156.22.63,13.227.219.41,13.227.219.60,13.227.219.63,13.227.219.90,143.204.55.10,143.204.55.100,143.204.55.102,143.204.55.103,143.204.55.113,143.204.55.115,143.204.55.117,143.204.55.118,143.204.55.12,143.204.55.123,143.204.55.126,143.204.55.127,143.204.55.15,143.204.55.16,143.204.55.18,143.204.55.20,143.204.55.21,143.204.55.22,143.204.55.23,143.204.55.24,143.204.55.28,143.204.55.29,143.204.55.31,143.204.55.35,143.204.55.36,143.204.55.39,143.204.55.41,143.204.55.46,143.204.55.48,143.204.55.49,143.204.55.5,143.204.55.50,143.204.55.53,143.204.55.54,143.204.55.6,143.204.55.60,143.204.55.64,143.204.55.69,143.204.55.73,143.204.55.74,143.204.55.77,143.204.55.81,143.204.55.83," | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
Total events
13 190
Read events
13 175
Write events
15
Delete events
0
Modification events
| (PID) Process: | (5064) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5064) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5064) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (2040) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (2040) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (2040) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (5892) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5892) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5892) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (1764) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
3
Suspicious files
7
Text files
11
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2040 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f7af7fb2-84fb-4d09-b4bf-5f8178e0e572.down_data | — | |
MD5:— | SHA256:— | |||
| 6872 | setup.exe | C:\Users\admin\AppData\Local\Temp\Adobe After Effects Temp\BlockIPs.cmd | text | |
MD5:70532EBA6100358F5BA7620D9B2A0843 | SHA256:5259BADC06BA77606C3C01A54CEAB7175C3A237668D3EABB4445C38FE6CD9998 | |||
| 7148 | dnsx.exe | C:\Users\admin\AppData\Local\Temp\hm401168435\CURRENT.0 | text | |
MD5:6159AC332FBA78E3046D9F75EDB5E396 | SHA256:179AEE986B08DD1C9B42165766A9F86BE710E30D130C79FF234C4F8FBFB85F76 | |||
| 6872 | setup.exe | C:\Users\admin\AppData\Local\Temp\Adobe After Effects Temp\dnsx.exe | executable | |
MD5:47C028F041C83817250E3D49126A8C88 | SHA256:9F7A353258017C04C5197379F5F5F6821E32712346C9AC4611313B2712805120 | |||
| 6872 | setup.exe | C:\Users\admin\AppData\Local\Temp\Adobe After Effects Temp\iplist.txt | text | |
MD5:EC97A1797E1DB06984534B0F5AEFE1B9 | SHA256:303AEED937DE96236F5DDDBA75AA69D1AEB9CCC720F3C194995567C1A55B435E | |||
| 7148 | dnsx.exe | C:\Users\admin\AppData\Local\Temp\hm401168435\MANIFEST-000000 | binary | |
MD5:CBA3CA9834B7BB57A118F54D112359DA | SHA256:135E8BB0B3D297C61E0B989D02D4445D9A16A7D4FFD1C66FCFF7B42E1BCC53AC | |||
| 4180 | findstr.exe | C:\Users\admin\AppData\Local\Temp\Adobe After Effects Temp\pihole_new.txt | text | |
MD5:62E6DB72C8EF7AB4E752E6F72FFA10E7 | SHA256:ACA25829C8342F9382FBEC7A6471ADCA20383B9931EE3F1CE6B9A121B1C17802 | |||
| 1628 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Adobe After Effects Temp\iplist.txt | text | |
MD5:A8F4D951A652C0609B4D75045681D73C | SHA256:EB1920CBB3B3BA8FDA93BFE1FBF1BDC34E20603200D57CB5340FCC8AF5845D32 | |||
| 6872 | setup.exe | C:\Users\admin\AppData\Local\Temp\Adobe After Effects Temp\wget.exe | executable | |
MD5:B1F557BD6A97A95CFF5DBCC55BF6E9BB | SHA256:A6093F8F40F90AD576B0463FB352318416EA24265D3E8F43D4F7F3723F7E7F77 | |||
| 7148 | dnsx.exe | C:\Users\admin\AppData\Local\Temp\hm401168435\000001.log | binary | |
MD5:C8A0A0F6ECE9137EC2F14415CD948AEB | SHA256:A3BF578FC5C737970917E29BCE1D6646F53BA5FAFE117D8585F1D7A09AED56AE | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
22
DNS requests
1 404
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
4408 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
2040 | BackgroundTransferHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
5228 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
5228 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 40.126.32.133:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
4408 | backgroundTaskHost.exe | 20.199.58.43:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted |
4408 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
632 | wget.exe | 104.21.16.1:443 | a.dove.isdumb.one | CLOUDFLARENET | — | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
2.100.168.192.in-addr.arpa |
| whitelisted |
ic.adobe.io |
| whitelisted |
a.dove.isdumb.one |
| unknown |
017sxef5kv.adobestats.io |
| unknown |
04jkjo2db5.adobestats.io |
| unknown |