File name:

Redline Stealer (Cracked).zip

Full analysis: https://app.any.run/tasks/12d76618-944e-4569-aac4-c3470de0a38b
Verdict: Malicious activity
Threats:

RedLine Stealer is a malicious program that collects users’ confidential data from browsers, systems, and installed software. It also infects operating systems with other malware.

Malware Trends Tracker     >>>
Analysis date: May 31, 2024, 17:54:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
redline
telegram
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

45A6FE57C6337CC0610B2A8DC4F1528F

SHA1:

6856D0C9CBE9A4EE0E249F4B020B8D280F5DCAAB

SHA256:

0A8AA823B88D22FFDCDBC8F5F1B3C4A97B030885ED5AA2CFD8E46B89806AF7D9

SSDEEP:

98304:WJx39hUrFqNL9Ckdm4IIxYFdrkonHjgDJvLyX5FKCFBN42wjFCC44IgZI6GrKZQX:0el6JC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3968)

    • REDLINE has been detected (YARA)

      • RedLine.MainPanel-cracked.exe (PID: 1872)

  • SUSPICIOUS

    • Reads the Internet Settings

      • RedLine.MainPanel-cracked.exe (PID: 1872)

    • Reads security settings of Internet Explorer

      • RedLine.MainPanel-cracked.exe (PID: 1872)

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • cmd.exe (PID: 3836)

  • INFO

    • Checks supported languages

      • RedLine.MainPanel-cracked.exe (PID: 1872)
      • wmpnscfg.exe (PID: 2708)

    • Reads the computer name

      • RedLine.MainPanel-cracked.exe (PID: 1872)
      • wmpnscfg.exe (PID: 2708)

    • Manual execution by a user

      • RedLine.MainPanel-cracked.exe (PID: 1872)
      • wmpnscfg.exe (PID: 2708)
      • cmd.exe (PID: 3836)
      • notepad.exe (PID: 3660)

    • Reads the machine GUID from the registry

      • RedLine.MainPanel-cracked.exe (PID: 1872)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3968)

    • Reads Environment values

      • RedLine.MainPanel-cracked.exe (PID: 1872)

    • Application launched itself

      • msedge.exe (PID: 1652)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: None
ZipModifyDate: 2021:12:29 09:04:16
ZipCRC: 0x3b3d61c6
ZipCompressedSize: 446
ZipUncompressedSize: 446
ZipFileName: Redline Stealer/README.md
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
60
Monitored processes
24
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe #REDLINE redline.mainpanel-cracked.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs netsh.exe no specs notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
904"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1304,i,7216507759407964766,5923320503355839214,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1236"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e6df598,0x6e6df5a8,0x6e6df5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1640"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 --field-trial-handle=1304,i,7216507759407964766,5923320503355839214,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1652"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/REDLINESUPPORTC:\Program Files\Microsoft\Edge\Application\msedge.exe
RedLine.MainPanel-cracked.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1832"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3756 --field-trial-handle=1304,i,7216507759407964766,5923320503355839214,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1872"C:\Users\admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe" C:\Users\admin\Desktop\Redline Stealer\RedLine.MainPanel-cracked.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
RedLinePanel
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\redline stealer\redline.mainpanel-cracked.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2276"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1636 --field-trial-handle=1304,i,7216507759407964766,5923320503355839214,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2364"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1304,i,7216507759407964766,5923320503355839214,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2408"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1452 --field-trial-handle=1304,i,7216507759407964766,5923320503355839214,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2516"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1304,i,7216507759407964766,5923320503355839214,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
13 558
Read events
13 376
Write events
172
Delete events
10

Modification events

(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3968) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\Redline Stealer (Cracked).zip
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3968) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
16
Suspicious files
84
Text files
47
Unknown types
6

Dropped files

PID
Process
Filename
Type
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\RedLine.MainPanel.exe.configxml
MD5:6EBC9B76090C8C4BF6B65C02503C6CD6
SHA256:EF9352989527D16CF5BE708B0D8E6D384618746A3999230F477CF50F34FF67C9
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\Libraries\builder.pdbpdb
MD5:418DC008EF956465E179EC29D3C3C245
SHA256:8C7E21B37540211D56C5FDBB7E731655A96945AA83F2988E33D5ADB8AA7C8DF1
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\RedLine.MainPanel.idbbinary
MD5:3DA6C975E08BF1A134B25EE33D0288B1
SHA256:16FEEF35E1C0B52A51E898A04D98034ABBC413E483DEB9C410469427035778C8
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\RedLine.MainPanel1.exe.configxml
MD5:6EBC9B76090C8C4BF6B65C02503C6CD6
SHA256:EF9352989527D16CF5BE708B0D8E6D384618746A3999230F477CF50F34FF67C9
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\MetroSet UI.dll.configxml
MD5:9A25AE6E4FBE956CC33A232AC97D3B16
SHA256:A407B110C78C0077B651FCBD05CCE073541B61E3E8B4747608069AC5CE686A8C
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\OpenPort.battext
MD5:CF1CC90281E28CEE22DCE7ED013C2678
SHA256:84399F8BCCEFA404E156A5351B1DE75A2D5290B4FDDD1754EFB16401ED7218EF
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\Libraries\Mono.Cecil.Mdb.pdbbinary
MD5:0BA762B6B5FBDA000E51D66722A3BB2C
SHA256:D18EB89421D50F079291B78783408CEE4BAB6810E4C5A4B191849265BDD5BA7C
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\Libraries\GuiLib.dllexecutable
MD5:EAF9C55793CD26F133708714ED3A5397
SHA256:87CFC70BEC2D2A37BCD5D46F9E6F0051F82E015FF96E8F2BC2D81B85F2632F15
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\Libraries\Newtonsoft.Json.dllexecutable
MD5:6815034209687816D8CF401877EC8133
SHA256:7F912B28A07C226E0BE3ACFB2F57F050538ABA0100FA1F0BF2C39F1A1F1DA814
3968WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3968.39721\Redline Stealer\RedLine.MainPanel-cracked.exeexecutable
MD5:BAF102927947289E4D589028620CE291
SHA256:A6D2D1BA6765E5245B0F62E37D9298E20C913C5A33912B98BD65A76FC5AB28AE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
20
DNS requests
14
Threats
2

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
unknown
1088
svchost.exe
224.0.0.252:5355
unknown
1652
msedge.exe
239.255.255.250:1900
unknown
2364
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2364
msedge.exe
149.154.167.99:443
t.me
Telegram Messenger Inc
GB
unknown
2364
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2364
msedge.exe
95.100.146.35:443
www.bing.com
Akamai International B.V.
CZ
unknown
2364
msedge.exe
23.48.23.62:443
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
t.me
  • 149.154.167.99
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
telegram.org
  • 149.154.167.99
whitelisted
www.bing.com
  • 95.100.146.35
  • 95.100.146.24
  • 95.100.146.32
  • 95.100.146.10
  • 95.100.146.33
  • 95.100.146.16
  • 95.100.146.25
  • 95.100.146.27
  • 95.100.146.26
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 23.48.23.62
  • 23.48.23.49
whitelisted

Threats

PID
Process
Class
Message
2364
msedge.exe
Misc activity
ET INFO Observed Telegram Domain (t .me in TLS SNI)
2364
msedge.exe
Misc activity
ET INFO Observed Telegram Domain (t .me in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Redline Stealer (Cracked).zip