File name: mHotspot_installer.exe

Full analysis: https://app.any.run/tasks/d4770c38-a0a2-413b-8346-172566b1ec9f
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 03, 2025, 14:54:26
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: adware
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 9485401C016A2305D1C5A0CF7A118AF7
SHA1: 734721104B4B3EEC8A83040AE28E9ED77DD1E387
SHA256: FE75132F4F4C44735BDC3D7572E5768A22F924F7541ECE40C340835A461FB7EC
SSDEEP: 24576:kG50ZfFK8SgNXQ1g5JruMCapWPTFHic3C5901dF9eTVB5qFkWh+wnc1+:kG5UfgE5XWapKTX3Cj0LFqVBAfhLc1+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • ADWARE has been detected (SURICATA)
      • GenericSetup.exe (PID: 7020)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • mHotspot_installer.exe (PID: 6068)
      • Carrier.exe (PID: 6392)
      • Carrier.tmp (PID: 6456)
    • Reads the Windows owner or organization settings
      • GenericSetup.exe (PID: 7020)
    • Reads security settings of Internet Explorer
      • GenericSetup.exe (PID: 7020)
    • Access to an unwanted program domain was detected
      • GenericSetup.exe (PID: 7020)
    • Starts CMD.EXE for commands execution
      • GenericSetup.exe (PID: 7020)
    • The executable file from the user directory is run by the CMD process
      • Carrier.exe (PID: 6392)
    • Process drops legitimate windows executable
      • Carrier.tmp (PID: 6456)
    • Searches for installed software
      • GenericSetup.exe (PID: 7020)
  • INFO
    • The sample compiled with english language support
      • mHotspot_installer.exe (PID: 6068)
      • Carrier.tmp (PID: 6456)
    • Checks supported languages
      • mHotspot_installer.exe (PID: 6068)
      • installer.exe (PID: 1812)
      • GenericSetup.exe (PID: 7020)
    • Create files in a temporary directory
      • mHotspot_installer.exe (PID: 6068)
      • installer.exe (PID: 1812)
      • GenericSetup.exe (PID: 7020)
    • Reads the computer name
      • mHotspot_installer.exe (PID: 6068)
      • GenericSetup.exe (PID: 7020)
      • installer.exe (PID: 1812)
    • Reads the machine GUID from the registry
      • GenericSetup.exe (PID: 7020)
      • installer.exe (PID: 1812)
    • Reads product name
      • GenericSetup.exe (PID: 7020)
    • Disables trace logs
      • GenericSetup.exe (PID: 7020)
    • Checks proxy server information
      • GenericSetup.exe (PID: 7020)
    • Reads the software policy settings
      • GenericSetup.exe (PID: 7020)
    • Creates files or folders in the user directory
      • BackgroundTransferHost.exe (PID: 3896)
    • Application launched itself
      • msedge.exe (PID: 7012)
      • msedge.exe (PID: 7548)
      • msedge.exe (PID: 5384)
    • Manual execution by a user
      • msedge.exe (PID: 5384)
      • mHotspot.exe (PID: 7836)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (36.8)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:04:18 18:54:06+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 104448
InitializedDataSize: 83968
UninitializedDataSize: -
EntryPoint: 0x148d4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 7.8.8.9
ProductVersionNumber: 7.8.8.9
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 7.8.8.9
ProductVersion: 7.8.8.9
CompanyName: 1BN Software & IT Solutions Pvt. Ltd.
FileDescription: mHotspot Setup
InternalName: -
LegalCopyright: -
OriginalFileName: -
ProductName: mHotspot
No data.
All screenshots are available in the full report
Total processes: 214
Monitored processes: 70
Malicious processes: 3
Suspicious processes: 0


Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 668
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2500 --field-trial-handle=2164,i,3706649622603705695,226376464078521704,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 900
CMD: "C:\Users\admin\AppData\Local\Temp\mHotspot_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\mHotspot_installer.exe
Parent process: explorer.exe
User:
admin
Company:
1BN Software & IT Solutions Pvt. Ltd.
Integrity Level:
MEDIUM
Description:
mHotspot Setup
Exit code:
3221226540
Version:
7.8.8.9
Modules
Images
c:\users\admin\appdata\local\temp\mhotspot_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 968
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2180 --field-trial-handle=2160,i,6293819637623518202,11418349588602106654,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1324
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2372,i,3402155859632294278,3511349302449229424,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1388
CMD: "C:\Program Files (x86)\mHotspot\mHotspot.exe"
Path: C:\Program Files (x86)\mHotspot\mHotspot.exe
Parent process: GenericSetup.exe
User:
admin
Company:
1BN Software & IT Solutions Pvt. Ltd.
Integrity Level:
HIGH
Description:
mHotspot
Exit code:
3762507597
Version:
7.8.8.9
Modules
Images
c:\program files (x86)\mhotspot\mhotspot.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 1568
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2ac,0x7ffc89b45fd8,0x7ffc89b45fe4,0x7ffc89b45ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1812
CMD: .\installer.exe
Path: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\installer.exe
Parent process: mHotspot_installer.exe
User:
admin
Company:
adaware
Integrity Level:
HIGH
Description:
mHotspot Setup
Exit code:
0
Version:
2.5.0.1009
Modules
Images
c:\users\admin\appdata\local\temp\7zs4b70bbf0\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 2088
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 2104
CMD: dw20.exe -x -s 1516
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Parent process: mHotspot.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft .NET Error Reporting Shim
Exit code:
0
Version:
2.0.50727.9149 (WinRelRS6.050727-9100)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\dw20.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 2552
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3716 --field-trial-handle=2160,i,6293819637623518202,11418349588602106654,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
Total events: 32 952
Read events: 32 855
Write events: 91
Delete events: 6

Modification events

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (7020) GenericSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GenericSetup_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files: 36
Suspicious files: 362
Text files: 77
Unknown types: 0

Dropped files

Columns: PID, Process, Filename, Type
PID: 3896
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e2a61b81-8167-4765-98ea-8e8cdfd714c8.down_data
Type:
MD5:
SHA256:

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\Carrier.exe
Type: executable
MD5: 445A6634FF346D18A0392D0F48F68440
SHA256: A3CC96A15680B9F46222401CC74C6B1518A6D2EBA09F8D837BAB648C97059BDF

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\GenericSetup.exe
Type: executable
MD5: DD0BC1074A28D68F2D67BDE160EEF53E
SHA256: 97D675C3472BDC5EDE8A204AEA0A24FA9DF913E73C9C87B7C70722139CE46017

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\GenericSetup.exe.config
Type: xml
MD5: 40E903F70B1412FEBAA4B889092BDD4F
SHA256: D335033BC27C28AE3A4E22313D4C26F9B3F6B78C44ACEF4A2D8BA3C5A5D9F9A1

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\fr\DevLib.resources.dll
Type: executable
MD5: 1B16A5667ADC0259BDD877F15302E113
SHA256: 6DDEBA612DCD9101A97C1C160D017D2031419AE02B3D36AE5B08C81279B52825

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\DevLib.dll
Type: executable
MD5: 8A095FD91E18A66740AB9114EE927A6A
SHA256: 8765766DDF08549584464AA552FA1870671A427C6CB8F21298BE62CA1620E90F

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\en\DevLib.resources.dll
Type: executable
MD5: A271DFFA95AC6EDA022525C1FEB9372D
SHA256: 61EB46C2DD114B7DED3092DE42288DFDB46549228C4BC42D659EB88BF6DE3631

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\de\DevLib.resources.dll
Type: executable
MD5: DDADDBCF6DABD93FD9C666F0598A6A97
SHA256: 173C6FC06AC55180D93A90FDDD6D073540EC7BF0FE895FC255EA3487001A52B1

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\es\DevLib.resources.dll
Type: executable
MD5: 1C0589CE76D5A795055FEE6AFC84B925
SHA256: DE3974FF1DF602F28174F7DDD1465931A9B5C15DC0628E00D1F7340E8DB3DAF2

PID: 6068
Process: mHotspot_installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS4B70BBF0\Microsoft.Win32.TaskScheduler.dll
Type: executable
MD5: EB9C531BC871F5DB42BE61082A242917
SHA256: 3354DFA965567E035A85862F6AEB917C055406B03E74B043F106D64A101B708B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 20
TCP/UDP connections: 71
DNS requests: 72
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3896
BackgroundTransferHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
DE
binary
313 b
whitelisted
1388
mHotspot.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
US
binary
2.01 Kb
whitelisted
8096
dw20.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
CL
binary
973 b
whitelisted
8096
dw20.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
DE
binary
471 b
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
DE
binary
471 b
whitelisted
736
svchost.exe
HEAD
200
23.53.40.186:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1741420444&P2=404&P3=2&P4=ASCpWQ9NGsMS9QJRlHbOw8ec99fEECGooRr%2fXvjk9eIGBOBk1RiUlhZP0gBwlIwZO8t7X9f3f%2ftTsQ30tbns2Q%3d%3d
DE
whitelisted
736
svchost.exe
GET
206
23.53.40.186:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1741420444&P2=404&P3=2&P4=ASCpWQ9NGsMS9QJRlHbOw8ec99fEECGooRr%2fXvjk9eIGBOBk1RiUlhZP0gBwlIwZO8t7X9f3f%2ftTsQ30tbns2Q%3d%3d
DE
binary
3.33 Kb
whitelisted
736
svchost.exe
GET
206
23.53.40.186:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1741420444&P2=404&P3=2&P4=ASCpWQ9NGsMS9QJRlHbOw8ec99fEECGooRr%2fXvjk9eIGBOBk1RiUlhZP0gBwlIwZO8t7X9f3f%2ftTsQ30tbns2Q%3d%3d
DE
binary
18.9 Kb
whitelisted
736
svchost.exe
GET
206
23.53.40.186:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1741420444&P2=404&P3=2&P4=ASCpWQ9NGsMS9QJRlHbOw8ec99fEECGooRr%2fXvjk9eIGBOBk1RiUlhZP0gBwlIwZO8t7X9f3f%2ftTsQ30tbns2Q%3d%3d
DE
compressed
13.4 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
7020
GenericSetup.exe
104.16.213.94:443
sos.adaware.com
CLOUDFLARENET
whitelisted
3216
svchost.exe
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.20:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7336
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3896
BackgroundTransferHost.exe
92.123.104.62:443
www.bing.com
Akamai International B.V.
DE
whitelisted
3896
BackgroundTransferHost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.174
whitelisted
www.google.com
  • 142.250.185.228
whitelisted
sos.adaware.com
  • 104.16.213.94
  • 104.16.212.94
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
login.live.com
  • 20.190.160.20
  • 20.190.160.3
  • 20.190.160.14
  • 20.190.160.5
  • 20.190.160.132
  • 20.190.160.65
  • 20.190.160.4
  • 40.126.32.133
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
www.bing.com
  • 92.123.104.62
  • 92.123.104.61
  • 92.123.104.9
  • 92.123.104.67
  • 92.123.104.66
  • 92.123.104.64
  • 92.123.104.65
  • 92.123.104.12
  • 92.123.104.14
  • 2.19.96.35
  • 2.19.96.34
  • 2.19.96.16
  • 2.19.96.25
  • 2.19.96.18
  • 2.19.96.32
  • 2.19.96.9
  • 2.19.96.19
  • 2.19.96.17
  • 184.86.251.16
  • 184.86.251.8
  • 184.86.251.29
  • 184.86.251.6
  • 184.86.251.24
  • 184.86.251.4
  • 184.86.251.22
  • 184.86.251.25
  • 184.86.251.28
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

PID
Process
Class
Message
7020
GenericSetup.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] TLS SNI Domain related with Unwanted Software (sos .adaware .com)
No debug info