File name:

RegistrySmart.exe

Full analysis: https://app.any.run/tasks/e06ae358-2df4-4c91-b404-0d12ca799cf8
Verdict: Malicious activity
Analysis date: February 10, 2024, 16:57:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

0002DDDBA512E20C3F82AAAB8BAD8B4D

SHA1:

493286B108822BA636CC0E53B8259E4F06ECF900

SHA256:

2D68FE191BA9E97F57F07F7BD116E53800B983D267DA99BF0A6E6624DD7E5CF7

SSDEEP:

24576:32eLSKYFDvuca/8b/gvKyLNWg8daBqqxAWvEZon2USxZr:32yQF7uz/IyL8gJqKvUc2UM9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • RegistrySmart.exe (PID: 3708)
      • is-NFR8C.tmp (PID: 3216)
    • Changes the autorun value in the registry

      • is-NFR8C.tmp (PID: 3216)
    • Actions looks like stealing of personal data

      • RegistrySmart.exe (PID: 3956)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • RegistrySmart.exe (PID: 3708)
      • is-NFR8C.tmp (PID: 3216)
    • Process drops legitimate windows executable

      • is-NFR8C.tmp (PID: 3216)
    • Reads the Windows owner or organization settings

      • is-NFR8C.tmp (PID: 3216)
    • Reads security settings of Internet Explorer

      • RegistrySmart.exe (PID: 2444)
      • Launcher.exe (PID: 120)
    • Reads the Internet Settings

      • RegistrySmart.exe (PID: 2444)
      • Launcher.exe (PID: 120)
      • RegistrySmart.exe (PID: 3956)
  • INFO

    • Checks supported languages

      • RegistrySmart.exe (PID: 3708)
      • is-NFR8C.tmp (PID: 3216)
      • RegistrySmart.exe (PID: 2444)
      • Launcher.exe (PID: 120)
      • RegistrySmart.exe (PID: 3956)
    • Create files in a temporary directory

      • RegistrySmart.exe (PID: 3708)
      • is-NFR8C.tmp (PID: 3216)
      • RegistrySmart.exe (PID: 3956)
    • Reads the computer name

      • is-NFR8C.tmp (PID: 3216)
      • RegistrySmart.exe (PID: 2444)
      • Launcher.exe (PID: 120)
      • RegistrySmart.exe (PID: 3956)
    • Creates files in the program directory

      • is-NFR8C.tmp (PID: 3216)
    • Creates a software uninstall entry

      • is-NFR8C.tmp (PID: 3216)
    • Creates files or folders in the user directory

      • RegistrySmart.exe (PID: 2444)
      • RegistrySmart.exe (PID: 3956)
    • Application launched itself

      • msedge.exe (PID: 1344)
      • msedge.exe (PID: 2292)
      • msedge.exe (PID: 1860)
    • Reads the machine GUID from the registry

      • RegistrySmart.exe (PID: 3956)
    • Manual execution by a user

      • msedge.exe (PID: 1860)
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37376
InitializedDataSize: 17408
UninitializedDataSize: -
EntryPoint: 0x991c
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.6.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This installation was built with Inno Setup.
CompanyName: RegistrySmart
FileDescription: RegistrySmart Setup
FileVersion: 2.6.0.0
LegalCopyright: Copyright 2006, All rights reserved.
No data.
Total processes: 80
Monitored processes: 41
Malicious processes: 5
Suspicious processes: 0

Behavior graph

[Behavior graph: processes shown are registrysmart.exe, is-nfr8c.tmp, launcher.exe and msedge.exe (multiple instances)]

Process information

PID: 120
CMD: "C:\Program Files\RegistrySmart\Launcher.exe" 0:
Path: C:\Program Files\RegistrySmart\Launcher.exe
Parent process: RegistrySmart.exe
User: admin
Company: RegistrySmart
Integrity Level: HIGH
Description: RegistrySmart Launcher
Exit code: 0
Version: 1.0.0.1
Modules
Images
c:\program files\registrysmart\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 532
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3428 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 844
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1028
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1124
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1220
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4980 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.registrysmart.com/register.php
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: RegistrySmart.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 1384
CMD: "C:\Users\admin\AppData\Local\Temp\RegistrySmart.exe"
Path: C:\Users\admin\AppData\Local\Temp\RegistrySmart.exe
Parent process: explorer.exe
User: admin
Company: RegistrySmart
Integrity Level: MEDIUM
Description: RegistrySmart Setup
Exit code: 3221226540
Version: 2.6.0.0
Modules
Images
c:\users\admin\appdata\local\temp\registrysmart.exe
c:\windows\system32\ntdll.dll
PID: 1784
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1848
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1232 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 9 853
Read events: 9 698
Write events: 108
Delete events: 47

Modification events

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: RegistrySmart
Value: "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.1.10

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\RegistrySmart

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\RegistrySmart\

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Icon Group
Value: RegistrySmart

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon,quicklaunchicon

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: DisplayName
Value: RegistrySmart 2.6

(PID) Process: (3216) is-NFR8C.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files\RegistrySmart\RegistrySmart.exe

Executable files: 13
Suspicious files: 44
Text files: 45
Unknown types: 94

Dropped files

PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\unins000.exe
Type: executable
MD5:8C0A86CCB64B3DFC74855885886F1A29
SHA256:87007F7245559F7DE1620ABD144426D25237E0474EF242872D03E70E3BB54495
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\is-EB4BS.tmp
Type: executable
MD5:8C0A86CCB64B3DFC74855885886F1A29
SHA256:87007F7245559F7DE1620ABD144426D25237E0474EF242872D03E70E3BB54495
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\is-7GTFO.tmp
Type: text
MD5:53AC692D28B004CDD7F35EBD84CABC92
SHA256:76AD3C58D21DB52F7CAC1333B55AFBA3045129D8899856EE18FDFED9B6AA3327
PID: 3708
Process: RegistrySmart.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-JL6RO.tmp\is-NFR8C.tmp
Type: executable
MD5:19672882DAF21174647509B74A406A8C
SHA256:34E6FEA583CF1F995CF24E841DA2060E0777405AC228094722F17F2E337CCEA8
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart\RegistrySmart on the Web.lnk
Type: binary
MD5:35E004560A5A168E53B9392D43AA64DC
SHA256:02B9BE619B17301E18632248355B41058C269CF857FAA3C0FD120C3E081CE323
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\unins000.dat
Type: binary
MD5:C0189C51A04F0D3221A83CA991AC2C8B
SHA256:47C9608D5810D416BC8B8862996A90A1E2E6D671E6A0F361EDB4AD0B381A80E2
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Users\admin\Desktop\RegistrySmart.lnk
Type: binary
MD5:4978D443BB216E1E27B738A8C186E80D
SHA256:56BC21DCAF936CA9890CDC08A107FF862424F67B26AE4C8941895D9558CF1B43
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart\Uninstall RegistrySmart.lnk
Type: binary
MD5:C4F5BDC6CCD10C4B9DFD6697EDD3D653
SHA256:683D4D2D5D71B9D1C378E0762C06503FCD8326D47CEEB2786B8C5FAF6729C0B7
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-1VIVB.tmp\WizardBitmapImage2.bmp
Type: image
MD5:A60CE4290913C1BB6E10F859657F933C
SHA256:91E6598A39879CF0E69EACF4E3661A2EA47A4086337895F26472CB945EB4A219
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\license.txt
Type: text
MD5:53AC692D28B004CDD7F35EBD84CABC92
SHA256:76AD3C58D21DB52F7CAC1333B55AFBA3045129D8899856EE18FDFED9B6AA3327
HTTP(S) requests: 2
TCP/UDP connections: 68
DNS requests: 74
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1864 | msedge.exe | GET | 301 | 3.33.139.32:80 | http://www.registrysmart.com/register.php | unknown | html | 90 b | unknown
1864 | msedge.exe | GET | 301 | 3.33.139.32:80 | http://www.registrysmart.com/register.php | unknown | html | 90 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1860 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
1864 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1864 | msedge.exe | 3.33.139.32:80 | www.registrysmart.com | AMAZON-02 | US | unknown
1864 | msedge.exe | 151.101.2.114:443 | m.ask.com | FASTLY | US | unknown
1864 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1864 | msedge.exe | 142.250.186.138:443 | fonts.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
config.edge.skype.com | 13.107.42.16 | whitelisted
www.registrysmart.com | 3.33.139.32 | unknown
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
m.ask.com | 151.101.2.114, 151.101.66.114, 151.101.130.114, 151.101.194.114 | unknown
fonts.googleapis.com | 142.250.186.138 | whitelisted
code.jquery.com | 151.101.130.137, 151.101.2.137, 151.101.194.137, 151.101.66.137 | whitelisted
client.px-cloud.net | 2.19.198.59, 23.32.238.138 | unknown
www.googletagmanager.com | 142.250.186.72 | whitelisted
fonts.gstatic.com | 172.217.16.131 | whitelisted
collector-px8zofp9vf.px-cloud.net | 35.190.10.96 | unknown

Threats

PID | Process | Class | Message
1864 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
1864 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
1864 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
No debug info