File name: RegistrySmart.exe

Full analysis: https://app.any.run/tasks/e06ae358-2df4-4c91-b404-0d12ca799cf8
Verdict: Malicious activity
Analysis date: February 10, 2024, 16:57:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0002DDDBA512E20C3F82AAAB8BAD8B4D
SHA1: 493286B108822BA636CC0E53B8259E4F06ECF900
SHA256: 2D68FE191BA9E97F57F07F7BD116E53800B983D267DA99BF0A6E6624DD7E5CF7
SSDEEP: 24576:32eLSKYFDvuca/8b/gvKyLNWg8daBqqxAWvEZon2USxZr:32yQF7uz/IyL8gJqKvUc2UM9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • RegistrySmart.exe (PID: 3708)
      • is-NFR8C.tmp (PID: 3216)
    • Changes the autorun value in the registry

      • is-NFR8C.tmp (PID: 3216)
    • Actions looks like stealing of personal data

      • RegistrySmart.exe (PID: 3956)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • is-NFR8C.tmp (PID: 3216)
    • Reads the Windows owner or organization settings

      • is-NFR8C.tmp (PID: 3216)
    • Executable content was dropped or overwritten

      • RegistrySmart.exe (PID: 3708)
      • is-NFR8C.tmp (PID: 3216)
    • Reads security settings of Internet Explorer

      • RegistrySmart.exe (PID: 2444)
      • Launcher.exe (PID: 120)
    • Reads the Internet Settings

      • RegistrySmart.exe (PID: 2444)
      • RegistrySmart.exe (PID: 3956)
      • Launcher.exe (PID: 120)
  • INFO

    • Checks supported languages

      • is-NFR8C.tmp (PID: 3216)
      • RegistrySmart.exe (PID: 3708)
      • RegistrySmart.exe (PID: 2444)
      • Launcher.exe (PID: 120)
      • RegistrySmart.exe (PID: 3956)
    • Reads the computer name

      • is-NFR8C.tmp (PID: 3216)
      • RegistrySmart.exe (PID: 2444)
      • RegistrySmart.exe (PID: 3956)
      • Launcher.exe (PID: 120)
    • Creates files in the program directory

      • is-NFR8C.tmp (PID: 3216)
    • Create files in a temporary directory

      • RegistrySmart.exe (PID: 3708)
      • is-NFR8C.tmp (PID: 3216)
      • RegistrySmart.exe (PID: 3956)
    • Creates a software uninstall entry

      • is-NFR8C.tmp (PID: 3216)
    • Creates files or folders in the user directory

      • RegistrySmart.exe (PID: 2444)
      • RegistrySmart.exe (PID: 3956)
    • Application launched itself

      • msedge.exe (PID: 1344)
      • msedge.exe (PID: 2292)
      • msedge.exe (PID: 1860)
    • Reads the machine GUID from the registry

      • RegistrySmart.exe (PID: 3956)
    • Manual execution by a user

      • msedge.exe (PID: 1860)
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37376
InitializedDataSize: 17408
UninitializedDataSize: -
EntryPoint: 0x991c
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.6.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This installation was built with Inno Setup.
CompanyName: RegistrySmart
FileDescription: RegistrySmart Setup
FileVersion: 2.6.0.0
LegalCopyright: Copyright 2006, All rights reserved.
No data.
Total processes: 80
Monitored processes: 41
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start registrysmart.exe is-nfr8c.tmp registrysmart.exe no specs launcher.exe no specs registrysmart.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs registrysmart.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 120
CMD: "C:\Program Files\RegistrySmart\Launcher.exe" 0:
Path: C:\Program Files\RegistrySmart\Launcher.exe
Parent process: RegistrySmart.exe
User:
admin
Company:
RegistrySmart
Integrity Level:
HIGH
Description:
RegistrySmart Launcher
Exit code:
0
Version:
1.0.0.1
Modules
Images
c:\program files\registrysmart\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 532
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3428 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 844
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1028
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1124
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1220
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4980 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.registrysmart.com/register.php
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: RegistrySmart.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 1384
CMD: "C:\Users\admin\AppData\Local\Temp\RegistrySmart.exe"
Path: C:\Users\admin\AppData\Local\Temp\RegistrySmart.exe
Parent process: explorer.exe
User:
admin
Company:
RegistrySmart
Integrity Level:
MEDIUM
Description:
RegistrySmart Setup
Exit code:
3221226540
Version:
2.6.0.0
Modules
Images
c:\users\admin\appdata\local\temp\registrysmart.exe
c:\windows\system32\ntdll.dll
PID: 1784
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1848
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1232 --field-trial-handle=1268,i,11546971521260622027,3296920094020938873,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 9 853
Read events: 9 698
Write events: 108
Delete events: 47

Modification events

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: RegistrySmart
Value: "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.1.10

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\RegistrySmart

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\RegistrySmart\

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Icon Group
Value: RegistrySmart

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: User
Value: admin

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon,quicklaunchicon

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: DisplayName
Value: RegistrySmart 2.6

Process: is-NFR8C.tmp (PID: 3216)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistrySmart_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files\RegistrySmart\RegistrySmart.exe

Executable files: 13
Suspicious files: 44
Text files: 45
Unknown types: 94

Dropped files

PID
Process
Filename
Type
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\is-RA659.tmp
Type: executable
MD5:412A943768C74C06DB9955D8CBA40ED4
SHA256:8537AD8B3B76F4852C3402592E7B5B7B6D39F3477E9BC5FBE7D8AF3C94D3865C
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-1VIVB.tmp\_isetup\_shfoldr.dll
Type: executable
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\license.txt
Type: text
MD5:53AC692D28B004CDD7F35EBD84CABC92
SHA256:76AD3C58D21DB52F7CAC1333B55AFBA3045129D8899856EE18FDFED9B6AA3327
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-1VIVB.tmp\_isetup\_RegDLL.tmp
Type: executable
MD5:C594B792B9C556EA62A30DE541D2FB03
SHA256:5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\Launcher.exe
Type: executable
MD5:412A943768C74C06DB9955D8CBA40ED4
SHA256:8537AD8B3B76F4852C3402592E7B5B7B6D39F3477E9BC5FBE7D8AF3C94D3865C
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\is-7GTFO.tmp
Type: text
MD5:53AC692D28B004CDD7F35EBD84CABC92
SHA256:76AD3C58D21DB52F7CAC1333B55AFBA3045129D8899856EE18FDFED9B6AA3327
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\is-EB4BS.tmp
Type: executable
MD5:8C0A86CCB64B3DFC74855885886F1A29
SHA256:87007F7245559F7DE1620ABD144426D25237E0474EF242872D03E70E3BB54495
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\RegistrySmart.exe
Type: executable
MD5:B13F9D8E3D5C88F0DDAD896D7FE33A88
SHA256:6D6BD6A03387C3F3900B4B5FC1264C73B362698BF42B668B99D0E9B65F1D7663
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart\RegistrySmart.lnk
Type: binary
MD5:21769C8BF9FABAFC96404A00540E0D1E
SHA256:C02F94A819A5CEFA90B1E5095CC2FDFA85A7B2CCE94548FBFA001848AD02087B
PID: 3216
Process: is-NFR8C.tmp
Filename: C:\Program Files\RegistrySmart\RegistrySmart.url
Type: text
MD5:F7F3EDEF707194676358CD3507BF5371
SHA256:B201443A493D0C7F083B370612542F4B4FF0AC4A36D2E5B7456E88D7557B6A3A
HTTP(S) requests: 2
TCP/UDP connections: 68
DNS requests: 74
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1864 | msedge.exe | GET | 301 | 3.33.139.32:80 | http://www.registrysmart.com/register.php | unknown | html | 90 b | unknown
1864 | msedge.exe | GET | 301 | 3.33.139.32:80 | http://www.registrysmart.com/register.php | unknown | html | 90 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1860 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
1864 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1864 | msedge.exe | 3.33.139.32:80 | www.registrysmart.com | AMAZON-02 | US | unknown
1864 | msedge.exe | 151.101.2.114:443 | m.ask.com | FASTLY | US | unknown
1864 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1864 | msedge.exe | 142.250.186.138:443 | fonts.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
config.edge.skype.com | 13.107.42.16 | whitelisted
www.registrysmart.com | 3.33.139.32 | unknown
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
m.ask.com | 151.101.2.114, 151.101.66.114, 151.101.130.114, 151.101.194.114 | unknown
fonts.googleapis.com | 142.250.186.138 | whitelisted
code.jquery.com | 151.101.130.137, 151.101.2.137, 151.101.194.137, 151.101.66.137 | whitelisted
client.px-cloud.net | 2.19.198.59, 23.32.238.138 | unknown
www.googletagmanager.com | 142.250.186.72 | whitelisted
fonts.gstatic.com | 172.217.16.131 | whitelisted
collector-px8zofp9vf.px-cloud.net | 35.190.10.96 | unknown

Threats

PID | Process | Class | Message
1864 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
1864 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
1864 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
No debug info