File name: mas2-win-103_0_0-ea34_2.exe
Full analysis: https://app.any.run/tasks/2c3c8188-666a-4a3d-8192-9ed6573afd34
Verdict: Malicious activity
Analysis date: September 11, 2024, 18:11:45
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: D5EDFFCD71B3982CA34A6340A5C6B699
SHA1: A109FCBA023AB727BDF7B4491F1ADDBBF3F80178
SHA256: F937F8140F99415242623D19CA027CDAAC8BDFB1F3252CB9E39BDA1E26BB6465
SSDEEP: 98304:CApHb+EfYz2LhbHDfwPBRfjXg45Nk60dcViIgbRX1dm7XyMuVkY5LkotHyN/cpZD:JLy/kCinYK0/nYoap

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Checks Windows Trust Settings

      • MSetup.exe (PID: 4688)
    • Process drops legitimate windows executable

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
    • Executable content was dropped or overwritten

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
      • MSetup.exe (PID: 4688)
      • setup.exe (PID: 4292)
    • The process creates files with name similar to system file names

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
    • Reads security settings of Internet Explorer

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
      • MSetup.exe (PID: 4688)
    • Creates a software uninstall entry

      • setup.exe (PID: 4292)
    • Executes as Windows Service

      • ijplmsvc.exe (PID: 5552)
  • INFO

    • Reads the computer name

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
      • MSetup.exe (PID: 4688)
      • setup.exe (PID: 4292)
      • ijplmsvc.exe (PID: 5552)
      • identity_helper.exe (PID: 6560)
      • ijplmsvc.exe (PID: 5000)
      • Msetup4.exe (PID: 4804)
    • Checks supported languages

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
      • setup.exe (PID: 4292)
      • ijplmsvc.exe (PID: 5000)
      • identity_helper.exe (PID: 6560)
      • ijplmsvc.exe (PID: 5552)
      • MSetup.exe (PID: 4688)
      • Msetup4.exe (PID: 4804)
    • Create files in a temporary directory

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
    • The process uses the downloaded file

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
      • MSetup.exe (PID: 4688)
    • Checks proxy server information

      • MSetup.exe (PID: 4688)
    • Sends debugging messages

      • MSetup.exe (PID: 4688)
    • Creates files or folders in the user directory

      • MSetup.exe (PID: 4688)
    • Reads the software policy settings

      • MSetup.exe (PID: 4688)
    • Creates files in the program directory

      • setup.exe (PID: 4292)
    • Application launched itself

      • msedge.exe (PID: 5976)
    • Reads Environment values

      • identity_helper.exe (PID: 6560)
    • Reads the machine GUID from the registry

      • MSetup.exe (PID: 4688)
    • Process checks computer location settings

      • mas2-win-103_0_0-ea34_2.exe (PID: 3984)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (32.1)
.exe | Win64 Executable (generic) (28.5)
.exe | Winzip Win32 self-extracting archive (generic) (23.7)
.dll | Win32 Dynamic Link Library (generic) (6.7)
.exe | Win32 Executable (generic) (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:11:02 20:23:03+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 73728
InitializedDataSize: 65536
UninitializedDataSize: -
EntryPoint: 0xa79e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
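The EXIF block above is what a sandbox reads out of the sample's DOS, COFF and optional headers. The parser below is an added example, not ANY.RUN's code and not anything shipped by Canon: it extracts the same fields from raw bytes so that the report's values can be re-derived from a local copy of the sample and compared field by field. Because the sample itself is not on this page, the block runs against a PE32 header constructed inline (build_sample_header) to carry exactly the values listed above; that header is the constructed part. One field worth re-checking this way is the 2009 link timestamp against the 2024 analysis date: the COFF TimeDateStamp is set by whoever built or last edited the file, so it is a data point, not evidence on its own.

```python
"""Parse the PE header fields that a sandbox report's EXIF block lists.

Added example (not ANY.RUN or Canon code). parse_pe_header() works on the
raw bytes of any PE file; build_sample_header() is a CONSTRUCTED header that
carries the values shown in the report so the parser can run offline.
"""
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits (PE/COFF specification).
CHARACTERISTICS = {
    0x0001: "No relocs",
    0x0002: "Executable",
    0x0100: "32-bit",
    0x2000: "DLL",
}
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}


def parse_pe_header(data: bytes) -> dict:
    """Return the EXIF-style fields from a PE image's DOS/COFF/optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsections, timestamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    code_size, init_size, uninit_size, entry = struct.unpack_from("<IIII", data, opt + 4)
    # From offset 40 the PE32 and PE32+ layouts coincide again (PE32+ drops
    # BaseOfData but widens ImageBase to 8 bytes), so these offsets hold for both.
    os_major, _os_minor, img_major, _img_minor, ss_major, _ss_minor = struct.unpack_from(
        "<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    flags = [name for bit, name in CHARACTERISTICS.items() if chars & bit]
    return {
        "MachineType": MACHINES.get(machine, f"{machine:#06x}"),
        "TimeStamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(sep=" "),
        "ImageFileCharacteristics": ", ".join(flags),
        "PEType": "PE32" if magic == 0x10B else "PE32+",
        "LinkerVersion": f"{linker_major}.{linker_minor}",
        "CodeSize": code_size,
        "InitializedDataSize": init_size,
        "UninitializedDataSize": uninit_size,
        "EntryPoint": f"{entry:#x}",
        "OSVersion": os_major,
        "ImageVersion": img_major,
        "SubsystemVersion": ss_major,
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """CONSTRUCTED PE32 header (no sections, no code) carrying the report's EXIF values."""
    ts = int(datetime(2009, 11, 2, 20, 23, 3, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header directly after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 0, ts, 0, 0, 224, 0x0001 | 0x0002 | 0x0100)
    opt = bytearray(224)  # PE32 optional header is 224 bytes
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)  # magic PE32, linker 8.0
    struct.pack_into("<IIII", opt, 4, 73728, 65536, 0, 0xA79E)  # code, init, uninit, entry
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)  # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key}: {value}")
```

To use it on a real file, read the first few kilobytes with open(path, "rb") and pass them to parse_pe_header(); every field it returns maps one to one onto a line of the EXIF block above, so a mismatch between the two points at either a different file or a report that should not be trusted as-is.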
All screenshots are available in the full report
Total processes: 172
Monitored processes: 38
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Process tree as flattened by the page ("no specs" is the page's marker for a process with no specific indicators; repeated instances are grouped):

start
  • mas2-win-103_0_0-ea34_2.exe
  • msetup4.exe (no specs)
  • msetup.exe
  • setup.exe
  • ijplmsvc.exe (no specs), 2 instances
  • msedge.exe, 29 instances (27 marked no specs)
  • identity_helper.exe (no specs), 2 instances
  • mas2-win-103_0_0-ea34_2.exe (no specs)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 236
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5812 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 304
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5828 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 904
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5688 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1780
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3784 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2032
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7260 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2128
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2248
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6688 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2268
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6260 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3648
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5536 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3652
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5488 --field-trial-handle=2368,i,3414576879292161971,9407335937212065240,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 19 454
Read events: 10 100
Write events: 9 353
Delete events: 1

Modification events

(PID) Process: (4688) MSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Canon\DPSendInfoAgree
Operation: write | Name: VERSION | Value: 1

(PID) Process: (4688) MSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Canon\DPSendInfoAgree
Operation: write | Name: SERVICE | Value: 1

(PID) Process: (4688) MSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Canon\DPSendInfoAgree
Operation: write | Name: ANALYSIS | Value: 1

(PID) Process: (4688) MSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Canon\MSETUP4\Temp\EXSP
Operation: write | Name: DEVICEID | Value: (empty)

(PID) Process: (4688) MSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Canon\MSETUP4\Temp\EXSP
Operation: write | Name: DEVICENAME | Value: (empty)

(PID) Process: (4688) MSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Canon\MSETUP4\Temp\EXSP
Operation: write | Name: REGION | Value: US

(PID) Process: (4688) MSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Canon\MSETUP4\Temp\EXSP
Operation: write | Name: RESIDENCE | Value: america

(PID) Process: (4688) MSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Canon\MSETUP4\Temp\EXSP
Operation: write | Name: SEND_INFO_AGREE | Value: 1

(PID) Process: (4688) MSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Canon\MSETUP4\Temp\EXSP
Operation: write | Name: PRIMARY_LANGID | Value: 9

(PID) Process: (4688) MSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Canon\MSETUP4\Temp\EXSP
Operation: write | Name: SUB_LANGID | Value: 0
Executable files: 129
Suspicious files: 229
Text files: 211
Unknown types: 0

Dropped files

Columns: PID | Process | Filename | Type

3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\win\bg-BG\MSetup.WPF.View.resources.dll | executable
  MD5: 5D969A3729048134AE0CCF4ADC39A717
  SHA256: 3C6E7A4D02C3A5D2B79D8BB20A0CB8728DCD736C0B385EA747CCF690BA7BBB08
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\CHECKSUM | text
  MD5: 6700AF91D34BECA775328C033694679E
  SHA256: 25A67109C93E70386E13DC38EFDE83F8CDEC9BDA5A6434D08E02694FE3E389CF
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\win\de-DE\MSetup.WPF.View.resources.dll | executable
  MD5: 0739F197076BC948DC365096440B6695
  SHA256: 980EF669D07B44DEF523953ECEED3591EE12131D765C93F62D6529DE5BEABF3E
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\win\Common.AppModel.dll | executable
  MD5: 0EF52076D402D9EDBE43B32B73E172BB
  SHA256: F45B86E9A4EFE8EBD1E5E4BBF4A94E528D81DDDECC220572B3BB58B6FA19126D
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\win\Common.Utility.dll | executable
  MD5: A5264C473E56BB86FFFC84F572EE3117
  SHA256: 59E2785F6A24412ED6FD3085B2A17C4E6ADB8A8746337285F33D31FC5AE4827B
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\Launcher\DotNet\ndp462-kb3151802-web.exe | executable
  MD5: FF672E857CAAC9870B479586C1282212
  SHA256: F20AF20AE2610D4C408D2C6D3FEAA743DDE675FCDFF4D56CA11957F915715AC1
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\Msetup4.exe | executable
  MD5: 341BD1C89C01EA6E510CFA98850B67A5
  SHA256: 88A93DA529DBF1196037ACD427900630513E554D049C25014876E001F633DB8F
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\win\Common.App.dll | executable
  MD5: 130E8773F4DBF4C8B1C2F60688A3D2AD
  SHA256: 55DE9EBC00ECA3F8DF82674B869DF6D657C33017456F376B40B7F5F2B3E06875
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\win\ar-SA\MSetup.WPF.View.resources.dll | executable
  MD5: 5DED88EE49625EDD921B4D3448CDA5CD
  SHA256: 458C6BC21F28613553A659A2A189318BF816A019169DC68E46D71FB608FFC97B
3984 | mas2-win-103_0_0-ea34_2.exe | C:\Users\admin\AppData\Local\Temp\mas2-win-103_0_0-ea34_2\win\Common.View.dll | executable
  MD5: 789A013C698EA98939399B7480AAD906
  SHA256: E707E9E225DEEBFA52493FE11867DAADE1A33A07858F186F824D6BB6AF2954A9
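The dropped-file table gives an MD5 and a SHA256 per artifact, which is enough to hunt for the same files on other hosts. The script below is an added example, not ANY.RUN's or Canon's code: it carries the hashes from this report (the main sample plus the ten dropped files above) as an IOC list, hashes every file under a directory you name, and reports SHA256 matches separately from MD5-only matches, because MD5 collisions are practical and a SHA256 hit is the one that should drive a response. The demo() function exercises it on constructed files in a temporary directory; the directory you would scan on a real host is an input you supply.

```python
"""Match files on disk against the hashes listed in the report.

Added example (not ANY.RUN or Canon code). REPORTED_HASHES is copied from the
report's file info and "Dropped files" sections; demo() runs the scan over
CONSTRUCTED files so the block is self-contained.
"""
import hashlib
import tempfile
from pathlib import Path

# (label, MD5, SHA256) as printed in the report above.
REPORTED_HASHES = [
    ("mas2-win-103_0_0-ea34_2.exe", "D5EDFFCD71B3982CA34A6340A5C6B699",
     "F937F8140F99415242623D19CA027CDAAC8BDFB1F3252CB9E39BDA1E26BB6465"),
    ("bg-BG\\MSetup.WPF.View.resources.dll", "5D969A3729048134AE0CCF4ADC39A717",
     "3C6E7A4D02C3A5D2B79D8BB20A0CB8728DCD736C0B385EA747CCF690BA7BBB08"),
    ("CHECKSUM", "6700AF91D34BECA775328C033694679E",
     "25A67109C93E70386E13DC38EFDE83F8CDEC9BDA5A6434D08E02694FE3E389CF"),
    ("de-DE\\MSetup.WPF.View.resources.dll", "0739F197076BC948DC365096440B6695",
     "980EF669D07B44DEF523953ECEED3591EE12131D765C93F62D6529DE5BEABF3E"),
    ("Common.AppModel.dll", "0EF52076D402D9EDBE43B32B73E172BB",
     "F45B86E9A4EFE8EBD1E5E4BBF4A94E528D81DDDECC220572B3BB58B6FA19126D"),
    ("Common.Utility.dll", "A5264C473E56BB86FFFC84F572EE3117",
     "59E2785F6A24412ED6FD3085B2A17C4E6ADB8A8746337285F33D31FC5AE4827B"),
    ("ndp462-kb3151802-web.exe", "FF672E857CAAC9870B479586C1282212",
     "F20AF20AE2610D4C408D2C6D3FEAA743DDE675FCDFF4D56CA11957F915715AC1"),
    ("Msetup4.exe", "341BD1C89C01EA6E510CFA98850B67A5",
     "88A93DA529DBF1196037ACD427900630513E554D049C25014876E001F633DB8F"),
    ("Common.App.dll", "130E8773F4DBF4C8B1C2F60688A3D2AD",
     "55DE9EBC00ECA3F8DF82674B869DF6D657C33017456F376B40B7F5F2B3E06875"),
    ("ar-SA\\MSetup.WPF.View.resources.dll", "5DED88EE49625EDD921B4D3448CDA5CD",
     "458C6BC21F28613553A659A2A189318BF816A019169DC68E46D71FB608FFC97B"),
    ("Common.View.dll", "789A013C698EA98939399B7480AAD906",
     "E707E9E225DEEBFA52493FE11867DAADE1A33A07858F186F824D6BB6AF2954A9"),
]


def validate_iocs(iocs) -> bool:
    """True if every entry has a 32-hex MD5 and a 64-hex SHA256 (catches copy errors)."""
    hexchars = set("0123456789ABCDEF")
    return all(
        len(md5) == 32 and len(sha) == 64 and set(md5) <= hexchars and set(sha) <= hexchars
        for _, md5, sha in iocs
    )


def hash_file(path, chunk=1 << 20):
    """Return (MD5, SHA256) of a file as upper-case hex, streaming in 1 MiB chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest().upper(), sha.hexdigest().upper()


def scan(root, iocs):
    """Walk root; return (strong, weak): SHA256 hits and MD5-only hits as (path, label)."""
    by_sha = {sha: label for label, _, sha in iocs}
    by_md5 = {md5: label for label, md5, _ in iocs}
    strong, weak = [], []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        md5, sha = hash_file(p)
        if sha in by_sha:
            strong.append((str(p), by_sha[sha]))
        elif md5 in by_md5:  # MD5 agrees but SHA256 does not: treat as low confidence
            weak.append((str(p), by_md5[md5]))
    return strong, weak


def demo():
    """Self-check on CONSTRUCTED files: one exact hit, one MD5-only hit, one miss."""
    with tempfile.TemporaryDirectory() as d:
        hit = Path(d, "hit.bin")
        hit.write_bytes(b"constructed sample A")
        weak_file = Path(d, "weak.bin")
        weak_file.write_bytes(b"constructed sample B")
        Path(d, "miss.bin").write_bytes(b"unrelated content")
        a_md5, a_sha = hash_file(hit)
        b_md5, _ = hash_file(weak_file)
        # IOC "B" deliberately carries a wrong SHA256 so only its MD5 can match.
        iocs = [("A", a_md5, a_sha), ("B", b_md5, "0" * 64)]
        return scan(d, iocs)


if __name__ == "__main__":
    print("IOC table well formed:", validate_iocs(REPORTED_HASHES))
    print("demo:", demo())
```

Against a live host you would call scan(r"C:\Users", REPORTED_HASHES) (or the path where the installer unpacked, per the table above) and treat anything in the strong list as a confirmed copy of an artifact from this run; MD5-only hits are worth a look but not an alert on their own.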
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 85
DNS requests: 55
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Reputation (the page lists Type and Size columns but gives no values for them)

608  | svchost.exe   | GET | 200 | 23.35.229.160:80  | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4688 | MSetup.exe    | GET | 200 | 184.29.198.118:80 | http://gdlp01.c-wss.com/rmds/ij/ijs/cd/commonapplist_1/msu/win/0/cd_comp.xml | unknown | whitelisted
6108 | svchost.exe   | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
4688 | MSetup.exe    | GET | 200 | 184.29.198.118:80 | http://gdlp01.c-wss.com/rmds/ij/ijs/app/exsp/win/en/app.xml | unknown | whitelisted
2724 | SIHClient.exe | GET | 200 | 23.35.229.160:80  | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
2724 | SIHClient.exe | GET | 200 | 23.35.229.160:80  | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted

Only the two MSetup.exe (PID 4688) requests come from the sample: both fetch XML files (cd_comp.xml and app.xml) from gdlp01.c-wss.com over plain HTTP on port 80. The other five are Windows background CRL and OCSP lookups by svchost.exe, SIHClient.exe and SearchApp.exe.

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

608  | svchost.exe         | 40.127.240.158:443  | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4    | System              | 192.168.100.255:138 | - | - | - | whitelisted
6280 | RUXIMICS.exe        | 40.127.240.158:443  | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443  | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
608  | svchost.exe         | 23.35.229.160:80    | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4688 | MSetup.exe          | 184.29.198.118:80   | gdlp01.c-wss.com | AKAMAI-AS | NL | whitelisted
4688 | MSetup.exe          | 184.29.198.118:443  | gdlp01.c-wss.com | AKAMAI-AS | NL | whitelisted
3260 | svchost.exe         | 40.113.110.67:443   | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 20.73.194.208:443   | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6108 | svchost.exe         | 20.190.159.68:443   | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

The sample's own network activity is the MSetup.exe (PID 4688) pair to gdlp01.c-wss.com on ports 80 and 443. 192.168.100.255:138 is a local NetBIOS datagram broadcast from the System process, and the remaining rows are Windows telemetry, update and sign-in traffic to Microsoft hosts.

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
  • 52.167.17.97
whitelisted
google.com
  • 172.217.18.14
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
gdlp01.c-wss.com
  • 184.29.198.118
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.64
  • 20.190.159.4
  • 20.190.159.73
  • 20.190.159.23
  • 20.190.159.2
  • 40.126.31.73
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.bing.com
  • 92.123.104.29
  • 92.123.104.34
  • 92.123.104.36
  • 92.123.104.30
  • 92.123.104.33
  • 92.123.104.21
  • 92.123.104.35
  • 92.123.104.38
  • 92.123.104.16
  • 92.123.104.31
  • 92.123.104.61
  • 92.123.104.49
  • 92.123.104.59
  • 92.123.104.62
  • 92.123.104.63
  • 92.123.104.32
whitelisted
r.bing.com
  • 92.123.104.37
  • 92.123.104.53
  • 92.123.104.49
  • 92.123.104.60
  • 92.123.104.38
  • 92.123.104.59
  • 92.123.104.51
  • 92.123.104.46
  • 92.123.104.61
whitelisted
th.bing.com
  • 92.123.104.35
  • 92.123.104.38
  • 92.123.104.47
  • 92.123.104.34
  • 92.123.104.41
  • 92.123.104.52
  • 92.123.104.49
  • 92.123.104.46
  • 92.123.104.36
whitelisted

Threats

No threats detected
Debug messages (Process: Message)

MSetup.exe: HttpInitialize::OpenConnect() Success
MSetup.exe: CQueueManager::WinHttpOpenRequest() with ?GET?Method is Start
MSetup.exe: CQueueManager::WinHttpOpenRequest() with ?GET?Method is Complete
MSetup.exe: HttpInitialize::OpenRequest() Success
MSetup.exe: HttpInitialize::SendRequestWithProxy() Success
MSetup.exe: HttpInitialize::GetContentsLength() Success
MSetup.exe: LoopCounter:42
MSetup.exe: HttpInitialize::OpenConnect() Success
MSetup.exe: CQueueManager::WinHttpOpenRequest() with ?GET?Method is Start
MSetup.exe: CQueueManager::WinHttpOpenRequest() with ?GET?Method is Complete