File name: BOOT$TRAPPER UI.exe

Full analysis: https://app.any.run/tasks/d4ca13e3-5b08-4286-8168-745dc7b3dc06
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: May 26, 2025, 07:09:17
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: autoit, stealer, autoit-loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 7F0D834245E54ADF968BA565CA9BC1AD
SHA1: E1479779D1829482472115F3A5FAD77077A73358
SHA256: FEC1A04A5587A1D1BA5ED4296CC373836E8593C04C20C7193A2C5933D858E171
SSDEEP: 49152:sye+1xpVkMyrKnYzmYDnN83uJNzfLmtRIErRXKraCZrfAc+HOHza3BM9ydkSg9LS:slsxv/yrGYq4a38N60AMrauDAcDaRMaH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • AutoIt loader has been detected (YARA)
      • Actively.com (PID: 900)
    • Scans artifacts that could help determine the target
      • msedge.exe (PID: 3760)
    • Actions looks like stealing of personal data
      • OOBE-Maintenance.exe (PID: 6752)
  • SUSPICIOUS
    • Reads security settings of Internet Explorer
      • BOOT$TRAPPER UI.exe (PID: 1512)
      • msedge.exe (PID: 3760)
    • Starts CMD.EXE for commands execution
      • BOOT$TRAPPER UI.exe (PID: 1512)
      • cmd.exe (PID: 4976)
    • Executing commands from a ".bat" file
      • BOOT$TRAPPER UI.exe (PID: 1512)
    • Get information on the list of running processes
      • cmd.exe (PID: 4976)
    • Using 'findstr.exe' to search for text patterns in files and output
      • cmd.exe (PID: 4976)
    • Application launched itself
      • cmd.exe (PID: 4976)
    • The process checks if it is being run in the virtual environment
      • Actively.com (PID: 900)
    • There is functionality for taking screenshot (YARA)
      • Actively.com (PID: 900)
    • Executes application which crashes
      • Actively.com (PID: 900)
      • OOBE-Maintenance.exe (PID: 6752)
    • The executable file from the user directory is run by the CMD process
      • Actively.com (PID: 900)
    • Starts the AutoIt3 executable file
      • cmd.exe (PID: 4976)
    • Starts application with an unusual extension
      • cmd.exe (PID: 4976)
    • Reads Mozilla Firefox installation path
      • msedge.exe (PID: 3760)
    • Loads DLL from Mozilla Firefox
      • OOBE-Maintenance.exe (PID: 6752)
    • Searches for installed software
      • OOBE-Maintenance.exe (PID: 6752)
  • INFO
    • Reads the computer name
      • BOOT$TRAPPER UI.exe (PID: 1512)
      • extrac32.exe (PID: 2692)
      • Actively.com (PID: 900)
      • msedge.exe (PID: 3760)
      • chrome.exe (PID: 6768)
    • Checks supported languages
      • BOOT$TRAPPER UI.exe (PID: 1512)
      • extrac32.exe (PID: 2692)
      • chrome.exe (PID: 6768)
      • Actively.com (PID: 900)
      • msedge.exe (PID: 3760)
      • wmlaunch.exe (PID: 7996)
    • Create files in a temporary directory
      • BOOT$TRAPPER UI.exe (PID: 1512)
      • extrac32.exe (PID: 2692)
      • OOBE-Maintenance.exe (PID: 6752)
      • msedge.exe (PID: 3760)
      • chrome.exe (PID: 6768)
    • Process checks computer location settings
      • BOOT$TRAPPER UI.exe (PID: 1512)
      • chrome.exe (PID: 6768)
      • msedge.exe (PID: 3760)
    • Creates a new folder
      • cmd.exe (PID: 6272)
    • Reads the software policy settings
      • slui.exe (PID: 4776)
    • Reads the machine GUID from the registry
      • Actively.com (PID: 900)
      • chrome.exe (PID: 6768)
      • msedge.exe (PID: 3760)
      • wmlaunch.exe (PID: 7996)
    • Manual execution by a user
      • OOBE-Maintenance.exe (PID: 6752)
    • Reads mouse settings
      • Actively.com (PID: 900)
    • Checks proxy server information
      • chrome.exe (PID: 6768)
      • msedge.exe (PID: 3760)
    • Process checks whether UAC notifications are on
      • msedge.exe (PID: 3760)
    • Application launched itself
      • msedge.exe (PID: 3760)
      • chrome.exe (PID: 6768)
    • Reads Environment values
      • msedge.exe (PID: 3760)
      • chrome.exe (PID: 6768)
    • Creates files or folders in the user directory
      • msedge.exe (PID: 3760)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:04:10 12:19:23+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 25600
InitializedDataSize: 431104
UninitializedDataSize: 16896
EntryPoint: 0x33e9
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
Total processes: 187
Monitored processes: 53
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Process chain shown in the interactive graph (graph itself not included in this export): boot$trapper ui.exe, cmd.exe, conhost.exe, sppextcomobj.exe, slui.exe, tasklist.exe, findstr.exe, tasklist.exe, findstr.exe, cmd.exe, extrac32.exe, findstr.exe, cmd.exe, actively.com, choice.exe, slui.exe, oobe-maintenance.exe, conhost.exe, werfault.exe, chrome.exe (multiple instances), msedge.exe (multiple instances), wmlaunch.exe, werfault.exe

Process information

Each entry lists: PID and process, parent process, command line (CMD), image path, user, company, integrity level, description, exit code, version, and the loaded modules (images) recorded for the process.
PID 668 chrome.exe, parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3660 --field-trial-handle=1952,i,9949964576196839273,1600745252009011877,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll
PID 776 chrome.exe, parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4504 --field-trial-handle=1952,i,9949964576196839273,1600745252009011877,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll
PID 776 msedge.exe, parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2136 --field-trial-handle=2188,i,7797984694384724227,3730112122329631478,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge; Exit code: 0; Version: 122.0.2365.59
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 780 chrome.exe, parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1952,i,9949964576196839273,1600745252009011877,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll
PID 900 Actively.com, parent process: cmd.exe
CMD: Actively.com A
Path: C:\Users\admin\AppData\Local\Temp\458735\Actively.com
User: admin; Company: AutoIt Team; Integrity Level: MEDIUM; Description: AutoIt v3 Script (Beta); Exit code: 3221225477 (0xC0000005, access violation, consistent with the "Executes application which crashes" signature above); Version: 3, 3, 15, 5
Modules (images): c:\users\admin\appdata\local\temp\458735\actively.com, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\psapi.dll
PID 960 msedge.exe, parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2384 --field-trial-handle=2188,i,7797984694384724227,3730112122329631478,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge; Exit code: 0; Version: 122.0.2365.59
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 1040 conhost.exe, parent process: OOBE-Maintenance.exe
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Console Window Host; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\conhost.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\shcore.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 1116 findstr.exe, parent process: cmd.exe
CMD: findstr /V "Non" Securely
Path: C:\Windows\SysWOW64\findstr.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Find String (QGREP) Utility; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\syswow64\findstr.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\msvcrt.dll
PID 1116 chrome.exe, parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2276 --field-trial-handle=1952,i,9949964576196839273,1600745252009011877,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll
PID 1328 chrome.exe, parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,9949964576196839273,1600745252009011877,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Exit code: 0; Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll
Total events: 8 433
Read events: 8 416
Write events: 16
Delete events: 1

Modification events (PID and process | registry key | operation | value name | value)

6768 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | failed_count | 0
6768 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | state | 2
6768 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | state | 1
6768 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics | write | user_experience_metrics.stability.exited_cleanly | 0
6768 chrome.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | write | usagestats | 0
6768 chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings | delete key | (default) | (no value)
3760 msedge.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | write | S-1-5-21-1693682860-607145093-2874071422-1001 | AA2405EE9A942F00
3760 msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | write | failed_count | 0
3760 msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | write | state | 2
3760 msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | write | state | 1
Executable files: 6
Suspicious files: 244
Text files: 74
Unknown types: 0

Dropped files (PID and process | filename | type, followed by the file's MD5 and SHA256)

1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Corrected.msi | binary
  MD5: AFB23996D06F7C1A62579BEC75D004EE
  SHA256: FF523AC527B95F8247CFB92A4715FF7FA688522EA5947D8441CC87D229CEC270
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Posters.msi | binary
  MD5: FFA1BB15C5CFB0D7102BC7737814160B
  SHA256: 927AEB3F4304C2BE23D3B52FAD94CEC0C595B428680AB6D116C37DAE9DFC259B
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Appeals.msi | compressed
  MD5: F315A24B78FFD2AFE766136500315839
  SHA256: 8B22175DAE78A01397F00DC66A4C6848F0B85DAEC37F214FF52EB9638D9E1E13
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Versions.msi | binary
  MD5: 7E5BCB6AB55BF77C6CCB10A22BEC3A74
  SHA256: 9E8C5BFF2AB23634D72796504686B115F4A36FF5B8AB32F678212EEB851590CF
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Picking.msi | binary
  MD5: 4916372EBAC14FDECC170DF0F4B2C3A9
  SHA256: 3575CA9D69300663DB760AF672B860EF057D764650BA675C1083A9F6D1D2F01B
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Cleaner.msi | binary
  MD5: CF938ACDC58DB692E756B2CC5A67B35F
  SHA256: 6833FFB76A82F4D4AC5ACA2CFE18BB1E07A53DF12D6429FD434799E25FF4590D
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Bs.msi | binary
  MD5: E8A11D73D9B32A8F62EF58014D21CA54
  SHA256: E4A14B89FB010FB10D7911D38C636AA0F73F094C7CB14A822C49CA786CA15861
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Broker.msi | binary
  MD5: 47C81A44D58E3C2C391C4009C29A7831
  SHA256: 002AF25CDAFE28875162C73DFDB172EF904239AAB7CDB75EA05A02233174E8B2
4976 cmd.exe | C:\Users\admin\AppData\Local\Temp\Sells.msi.bat | text
  MD5: CA940D74359212FCDCC0DB08F486A3C3
  SHA256: F144367A264725D3F3F6E13C5E5847FB59C8E0763554E654A39D0C922B067CA5
1512 BOOT$TRAPPER UI.exe | C:\Users\admin\AppData\Local\Temp\Extent.msi | binary
  MD5: FBADAE29B2B0F11C8F54808765B6E7EB
  SHA256: CAE8A218703A4425663835B89AAF7903CA173766DFB6841EF0A49DBD614CD49B
HTTP(S) requests: 8
TCP/UDP connections: 56
DNS requests: 60
Threats: 0

HTTP requests (PID and process | method | HTTP code | IP | URL | CN | reputation; the Type and Size columns are empty in this export, and rows without a PID are shown as "n/a")

n/a | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5496 MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5496 MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
n/a | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5164 SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6544 svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1328 chrome.exe | GET | 302 | 142.250.181.238:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | unknown | whitelisted
5164 SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted

Connections (PID and process | IP | domain | ASN | CN | reputation; rows without a PID are shown as "n/a", and fields the export left empty are omitted)

4 System | 192.168.100.255:137 | whitelisted
2104 svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
n/a | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
n/a | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5496 MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
n/a | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
n/a | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 System | 192.168.100.255:138 | whitelisted
3216 svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted

DNS requests (domain: resolved IPs, reputation)

settings-win.data.microsoft.com: 40.127.240.158, 20.73.194.208, 51.124.78.146 (whitelisted)
google.com: 142.250.185.174 (whitelisted)
crl.microsoft.com: 23.216.77.28, 23.216.77.6 (whitelisted)
www.microsoft.com: 23.35.229.160 (whitelisted)
client.wns.windows.com: 172.211.123.250 (whitelisted)
login.live.com: 40.126.31.67, 20.190.159.73, 40.126.31.71, 20.190.159.64, 40.126.31.129, 40.126.31.0, 40.126.31.128, 40.126.31.131 (whitelisted)
ocsp.digicert.com: 2.17.190.73 (whitelisted)
cQHDIrKkEpydXum.cQHDIrKkEpydXum: no IP listed (unknown)
slscr.update.microsoft.com: 172.202.163.200 (whitelisted)
fe3cr.delivery.mp.microsoft.com: 13.95.31.18 (whitelisted)

Threats: No threats detected
No debug info