File name: EasyBCD2.4.exe

Full analysis: https://app.any.run/tasks/17debe17-8678-4cc4-ac84-c296c931b73b
Verdict: Malicious activity
Analysis date: July 24, 2024, 13:28:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 2E06476EBE1137F543EE7176D34716E7
SHA1: 6EAA6AA0E829CE8AF54213F6DE77E748C4388E23
SHA256: 0A94A43AF2DB7BDBADA87B34BF03D3B221110D1CA21BBEBEC55B08767C1281CC
SSDEEP: 98304:ilHlURur2ooGWFdzLmi9pimQ43ZIbI7KjDgXC5b7V6n0pWzvx4X1aex55V9WSdzu:hBma

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • EasyBCD2.4.exe (PID: 6484)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • EasyBCD2.4.exe (PID: 6484)
    • Reads security settings of Internet Explorer

      • EasyBCD2.4.exe (PID: 6484)
      • EasyBCD.exe (PID: 5860)
    • The process creates files with name similar to system file names

      • EasyBCD2.4.exe (PID: 6484)
    • Uses TASKKILL.EXE to kill process

      • EasyBCD2.4.exe (PID: 6484)
    • Reads the date of Windows installation

      • EasyBCD2.4.exe (PID: 6484)
    • Executable content was dropped or overwritten

      • EasyBCD2.4.exe (PID: 6484)
    • Process drops legitimate windows executable

      • EasyBCD2.4.exe (PID: 6484)
    • Creates a software uninstall entry

      • EasyBCD2.4.exe (PID: 6484)
    • Reads Internet Explorer settings

      • EasyBCD.exe (PID: 5860)
  • INFO

    • Checks supported languages

      • EasyBCD2.4.exe (PID: 6484)
      • EasyBCD.exe (PID: 5860)
      • identity_helper.exe (PID: 1084)
    • Reads the computer name

      • EasyBCD2.4.exe (PID: 6484)
      • EasyBCD.exe (PID: 5860)
      • identity_helper.exe (PID: 1084)
    • Create files in a temporary directory

      • EasyBCD2.4.exe (PID: 6484)
    • Process checks computer location settings

      • EasyBCD2.4.exe (PID: 6484)
    • Creates files in the program directory

      • EasyBCD2.4.exe (PID: 6484)
    • Reads Microsoft Office registry keys

      • EasyBCD2.4.exe (PID: 6484)
      • EasyBCD.exe (PID: 5860)
      • msedge.exe (PID: 1392)
      • msedge.exe (PID: 4404)
    • Creates files or folders in the user directory

      • EasyBCD.exe (PID: 5860)
    • Reads the machine GUID from the registry

      • EasyBCD.exe (PID: 5860)
    • Manual execution by a user

      • msedge.exe (PID: 4404)
    • Application launched itself

      • msedge.exe (PID: 1392)
      • msedge.exe (PID: 4404)
    • Reads Environment values

      • identity_helper.exe (PID: 1084)
    • Checks proxy server information

      • slui.exe (PID: 7748)
    • Reads the software policy settings

      • slui.exe (PID: 7748)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:01:30 03:57:38+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 25088
InitializedDataSize: 118784
UninitializedDataSize: 1024
EntryPoint: 0x3328
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 159
Monitored processes: 31
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start
  • easybcd2.4.exe
  • taskkill.exe (no specs)
  • conhost.exe (no specs)
  • easybcd.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • identity_helper.exe (no specs)
  • identity_helper.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • slui.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • easybcd2.4.exe (no specs)

Process information

PID: 208
CMD: "C:\Users\admin\Desktop\EasyBCD2.4.exe"
Path: C:\Users\admin\Desktop\EasyBCD2.4.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\desktop\easybcd2.4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 208
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2588 --field-trial-handle=2364,i,13745631530425092609,12293323715806577131,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1084
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2364,i,13745631530425092609,12293323715806577131,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1392
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.neosmart.net/KeyRedirect/EBCD_Translate
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: EasyBCD.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 1
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1552
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2540 --field-trial-handle=2320,i,228277542477914815,2572016348714970165,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1756
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5996 --field-trial-handle=2364,i,13745631530425092609,12293323715806577131,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3196
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4176 --field-trial-handle=2364,i,13745631530425092609,12293323715806577131,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3280
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffefe025fd8,0x7ffefe025fe4,0x7ffefe025ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3288
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6012 --field-trial-handle=2364,i,13745631530425092609,12293323715806577131,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winmm.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 3488
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3492 --field-trial-handle=2364,i,13745631530425092609,12293323715806577131,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
Total events: 12 494
Read events: 12 426
Write events: 67
Delete events: 1

Modification events

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EasyBCD
Operation: write
Name: DisplayName
Value: EasyBCD 2.4

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EasyBCD
Operation: write
Name: UninstallString
Value: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EasyBCD
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EasyBCD
Operation: write
Name: HelpLink
Value: http://neosmart.net/forums/

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EasyBCD
Operation: write
Name: URLUpdateInfo
Value: http://neosmart.net/EasyBCD/

(PID) Process: (6484) EasyBCD2.4.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EasyBCD
Operation: write
Name: VersionMajor
Value: 2
Executable files: 17
Suspicious files: 57
Text files: 343
Unknown types: 12

Dropped files

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe.config | Type: xml
MD5: 3379AC7243ADCFA51A02295DBEDC956A
SHA256: 7EC2512B59E62A3AEB0A1025BF152A31291E17E7E469CE18EFAE153064665B03

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsp20B5.tmp\ioSpecial.ini | Type: ini
MD5: E2D5070BC28DB1AC745613689FF86067
SHA256: D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\Newtonsoft.Json.dll | Type: executable
MD5: 0953851089821550EF013B487DA3915A
SHA256: 4A56EF352F84AD19C1B4486C7C9E64FEF9A67C464C62E51BABABA79CD2D89551

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsp20B5.tmp\modern-wizard.bmp | Type: image
MD5: 1ED71CEF099AE50505B5F495CC50E2A2
SHA256: B177ADA6638B5869390C39405CAF5BEF6FA74AFAFE00BCD14DE5282867E47A26

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\NeoSmart.Localization.dll | Type: executable
MD5: AD0A59AE87D4BA106E965C62F0BC3D88
SHA256: 3A56005B2EFB34620019EF432FE90EEB63726FC78B37BE841F25C2AED82EB1DB

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\LICENSE | Type: text
MD5: 2458D2762467CD07CC91448A30A2E572
SHA256: FFBFE4D5757BD4315B79F55B9151625C29110EA16ABF81517D27E17136BF4094

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\BootGrabber.exe | Type: executable
MD5: 2E12B37D32C8BCF8920F5EBB6D24A6B9
SHA256: F9842333F0B562B4AB5349A09FC173B0B2971C1F600502C4284781C78A735D7E

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\udefrag-kernel.dll | Type: executable
MD5: F72F526B334A578B8FBDC6A20B9E2E4E
SHA256: 0233AF69B35DECEFDC7BB9AB7C8732434EBD4880C3B18085E6116F28431E3D4B

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bootsect.exe | Type: executable
MD5: DA39BBA4267EC54DE12374BFD88D0DF4
SHA256: F15E3C9A8F73C6DC4EA8F0A174915B6EDCA06C75332EEC8A28E7A4B347276D4D

PID: 6484 | Process: EasyBCD2.4.exe | Filename: C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\bin\bcdedit.exe | Type: executable
MD5: A60CBAEA0F8AC802D21C0CC7BC2589BE
SHA256: 8BF1B71182FED18D6B4112BDC4D496800B5BF6681DE4C4F6536BA67378F38A12
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 24
TCP/UDP connections: 57
DNS requests: 37
Threats: 1

HTTP requests

Method: GET | HTTP Code: 302 | IP: 18.245.60.5:443 | URL: https://api.neosmart.net/KeyRedirect/EBCD_Translate | Reputation: unknown
Method: GET | HTTP Code: 401 | IP: 13.107.6.158:443 | URL: https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | Reputation: unknown
Method: GET | HTTP Code: 304 | IP: 13.107.21.239:443 | URL: https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist | Reputation: unknown
Method: GET | HTTP Code: 401 | IP: 13.107.6.158:443 | URL: https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | Reputation: unknown
Method: OPTIONS | HTTP Code: 200 | IP: 23.50.131.78:443 | URL: https://bzib.nelreports.net/api/report?cat=bingbusiness | Reputation: unknown
Method: GET | HTTP Code: 401 | IP: 13.107.6.158:443 | URL: https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | Reputation: unknown | Type: binary | Size: 587 b
Method: OPTIONS | HTTP Code: 429 | IP: 23.48.23.49:443 | URL: https://bzib.nelreports.net/api/report?cat=bingbusiness | Reputation: unknown | Type: text | Size: 23 b
Method: GET | HTTP Code: 200 | IP: 184.86.251.16:443 | URL: https://edgeservices.bing.com/edgesvc/userstatus | Reputation: unknown | Type: binary | Size: 381 b
Method: GET | HTTP Code: 200 | IP: 204.79.197.239:443 | URL: https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | Reputation: unknown | Type: binary | Size: 917 b
Method: GET | HTTP Code: 200 | IP: 13.107.42.16:443 | URL: https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=30&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | Reputation: unknown | Type: binary | Size: 860 b

Connections

PID: 3488 | Process: RUXIMICS.exe | IP: 4.231.128.59:443 | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: IE | Reputation: whitelisted
PID: 6012 | Process: MoUsoCoreWorker.exe | IP: 4.231.128.59:443 | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: IE | Reputation: whitelisted
PID: 5072 | Process: svchost.exe | IP: 4.231.128.59:443 | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: IE | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
IP: 184.86.251.16:443 | Domain: www.bing.com | ASN: Akamai International B.V. | CN: DE | Reputation: unknown
PID: 4204 | Process: svchost.exe | IP: 4.208.221.206:443 | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: unknown
IP: 239.255.255.250:1900 | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 4404 | Process: msedge.exe | IP: 239.255.255.250:1900 | Reputation: whitelisted
PID: 208 | Process: msedge.exe | IP: 18.245.60.103:443 | Domain: api.neosmart.net | CN: US | Reputation: unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.110
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
api.neosmart.net
  • 18.245.60.103
  • 18.245.60.51
  • 18.245.60.112
  • 18.245.60.5
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.60
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.48.23.51
  • 23.48.23.26
  • 23.50.131.78
  • 23.50.131.74
whitelisted
www.bing.com
whitelisted
edgeservices.bing.com
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted

Threats

Found threats are available for the paid subscriptions
1 ETPRO signature available at the full report
No debug info