File name: Kontur.Dostup.Abonent.exe

Full analysis: https://app.any.run/tasks/9c184ed1-a731-4843-ab4d-3df9fa7b0fde
Verdict: Malicious activity
Analysis date: July 29, 2024, 08:47:58
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: BD1BD32FA2D232F4E5AEF1625BFBCF06
SHA1: BA926EA85239E81C0C6B0E0BF6DDA2D128834566
SHA256: 3120144FCF19C15CB1B480F2007CE0C7816C2068D38E138D74AD606BB9FBD3CE
SSDEEP: 98304:eubes+AssxXmByVHv16bFRXMSlEXvEy9701TZuGXn8YuDJQEHePCrPQW8un/8BE2:VXnuip5cX1f

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • kontur.updater.exe (PID: 4140)
    • Uses Task Scheduler to run other applications

      • kontur.updater.exe (PID: 4140)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • kontur.updater.exe (PID: 4140)
    • The process creates files with name similar to system file names

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • kontur.updater.exe (PID: 4140)
    • Reads security settings of Internet Explorer

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • Kontur.Dostup.Abonent.exe (PID: 7032)
    • Executable content was dropped or overwritten

      • kontur.updater.exe (PID: 4140)
      • Kontur.Dostup.Abonent.exe (PID: 2708)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 2492)
    • Reads the date of Windows installation

      • Kontur.Dostup.Abonent.exe (PID: 7032)
    • Executes as Windows Service

      • Kontur.Dostup.Abonent.exe (PID: 2124)
    • Application launched itself

      • Kontur.Dostup.Abonent.exe (PID: 7032)
      • Kontur.Dostup.Abonent.exe (PID: 2124)
    • Potential Corporate Privacy Violation

      • Kontur.Dostup.Abonent.exe (PID: 2708)
  • INFO

    • Creates files or folders in the user directory

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • kontur.updater.exe (PID: 4140)
    • Reads the software policy settings

      • Kontur.Dostup.Abonent.exe (PID: 2708)
    • Creates files in a temporary directory

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • kontur.updater.exe (PID: 4140)
    • Reads the computer name

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • kontur.updater.exe (PID: 4140)
      • Kontur.Dostup.Abonent.exe (PID: 4936)
      • Kontur.Dostup.Abonent.exe (PID: 2124)
      • Kontur.Dostup.Abonent.exe (PID: 3140)
    • Process checks computer location settings

      • Kontur.Dostup.Abonent.exe (PID: 7032)
    • Checks supported languages

      • Kontur.Dostup.Abonent.exe (PID: 2708)
      • Kontur.Dostup.Abonent.exe (PID: 7032)
      • Kontur.Dostup.Abonent.exe (PID: 3140)
      • Kontur.Dostup.Abonent.exe (PID: 4936)
      • Kontur.Dostup.Abonent.exe (PID: 2124)
    • Process checks whether UAC notifications are on

      • Kontur.Dostup.Abonent.exe (PID: 3140)
      • Kontur.Dostup.Abonent.exe (PID: 4936)
      • Kontur.Dostup.Abonent.exe (PID: 2124)
    • Reads the machine GUID from the registry

      • Kontur.Dostup.Abonent.exe (PID: 3140)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:11:21+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 29184
InitializedDataSize: 195072
UninitializedDataSize: 2048
EntryPoint: 0x39b6
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.9.0.4651
ProductVersionNumber: 4.9.0.4651
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: SKB Kontur remote control tool
CompanyName: PF SKB Kontur AO
FileDescription: Kontur.Dostup Abonent
FileVersion: 4.9.0.4651
InternalName: Kontur.Dostup Abonent
LegalCopyright: (C) 2021-2024 PF SKB Kontur AO
OriginalFileName: Kontur.Dostup.Abonent.exe
ProductName: Kontur.Dostup Abonent
ProductVersion: 4.9.0.4651
No data.
All screenshots are available in the full report
Total processes: 152
Monitored processes: 11
Malicious processes: 2
Suspicious processes: 0

Behavior graph

  • start
  • kontur.dostup.abonent.exe
  • kontur.dostup.abonent.exe (no specs)
  • kontur.updater.exe
  • schtasks.exe (no specs)
  • conhost.exe (no specs)
  • schtasks.exe (no specs)
  • conhost.exe (no specs)
  • kontur.dostup.abonent.exe
  • kontur.dostup.abonent.exe (no specs)
  • kontur.dostup.abonent.exe
  • slui.exe (no specs)

Process information

PID: 396
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2124
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Kontur.Dostup.Abonent.exe" SessionID=1 RunAsAdmin=1
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Kontur.Dostup.Abonent.exe
Parent process: services.exe
User:
SYSTEM
Company:
PF SKB Kontur AO
Integrity Level:
SYSTEM
Description:
Контур.Доступ - Абонент
Exit code:
0
Version:
4.9.0.4651
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4651\kontur.dostup.abonent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 2492
CMD: "C:\WINDOWS\system32\schtasks.exe" /Delete /TN "Kontur.Updater-v1.3.0.267-S-1-5-21-1693682860-607145093-2874071422-1001" /F /HRESULT
Path: C:\Windows\SysWOW64\schtasks.exe
Parent process: kontur.updater.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Task Scheduler Configuration Tool
Exit code:
2147942402
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2708
CMD: "C:\Users\admin\AppData\Local\Temp\Kontur.Dostup.Abonent.exe"
Path: C:\Users\admin\AppData\Local\Temp\Kontur.Dostup.Abonent.exe
Parent process: explorer.exe
User:
admin
Company:
PF SKB Kontur AO
Integrity Level:
MEDIUM
Description:
Kontur.Dostup Abonent
Exit code:
0
Version:
4.9.0.4651
Modules
Images
c:\users\admin\appdata\local\temp\kontur.dostup.abonent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2748
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3140
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Kontur.Dostup.Abonent.exe" RunAsAdmin=1
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Kontur.Dostup.Abonent.exe
Parent process: Kontur.Dostup.Abonent.exe
User:
SYSTEM
Company:
PF SKB Kontur AO
Integrity Level:
SYSTEM
Description:
Контур.Доступ - Абонент
Version:
4.9.0.4651
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4651\kontur.dostup.abonent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 4140
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\kontur.updater.exe" /S
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\kontur.updater.exe
Parent process: Kontur.Dostup.Abonent.exe
User:
admin
Company:
АО «ПФ «СКБ Контур»
Integrity Level:
MEDIUM
Description:
Контур.Автообновления 1.3.0.267
Exit code:
0
Version:
1.3.0.267
Modules
Images
c:\users\admin\appdata\local\temp\nse1c3c.tmp\system.dll
c:\windows\syswow64\sspicli.dll
c:\users\admin\appdata\local\temp\nse1c3c.tmp\nsexec.dll
PID: 4752
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4936
CMD: "C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Kontur.Dostup.Abonent.exe" RunAsAdmin=1
Path: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Kontur.Dostup.Abonent.exe
Parent process: Kontur.Dostup.Abonent.exe
User:
admin
Company:
PF SKB Kontur AO
Integrity Level:
HIGH
Description:
Контур.Доступ - Абонент
Exit code:
0
Version:
4.9.0.4651
Modules
Images
c:\users\admin\appdata\local\skbkontur\kontur.dostup\4.9.0.4651\kontur.dostup.abonent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6684
CMD: "C:\WINDOWS\system32\schtasks.exe" /Create /xml "C:\Users\admin\AppData\Local\SkbKontur\Updater\1.3.0.267\nsu1C4D.tmp" /TN "Kontur.Updater-v1.3.0.267-S-1-5-21-1693682860-607145093-2874071422-1001" /HRESULT
Path: C:\Windows\SysWOW64\schtasks.exe
Parent process: kontur.updater.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events: 6 739
Read events: 6 634
Write events: 105
Delete events: 0

Modification events

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: aeffc5056d9678f340814a7be28b70bdc22be5c432918fb3381a6c86e0f1c89f
Value: 4.9.0.4651

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 3fa277fbedee19eb9bcf41026e3885fcf3dfae640d914960b96ed3e709d1ba01
Value: 4.9.0.4651

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 998de96919e02ed6604976b63489a787b1cfcbd30568f2f7b704a8b2fe13f414
Value: 4.9.0.4651

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 8b39c30bcea7417f25d328ec039da975c77c107d640445a51257c4a9efa3fb1b
Value: 4.9.0.4651

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: 841357de4541f587c05b795cf5a3ae01ad0d9bf38cc7b6b0d5edada67a3b8045
Value: 4.9.0.4651

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server\PeSecurity
Operation: write
Name: f5d1b0f5821e91ee4234daa88db36de7d981f4eb1fb487986a7e877af16bee29
Value: 4.9.0.4651

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server
Operation: write
Name: InstallDate
Value: 20240729

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server
Operation: write
Name: InstallPath
Value: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkbKontur\Kontur.Dostup\session.server
Operation: write
Name: Version
Value: 4.9.0.4651

PID: 7032
Process: Kontur.Dostup.Abonent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 23
Suspicious files: 3
Text files: 6
Unknown types: 0

Dropped files

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\System.dll
Type: executable
MD5: 4ADD245D4BA34B04F213409BFE504C07
SHA256: 9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\screenhooks64.dll
Type: executable
MD5: 966CF752CB214BA32D546EF31B623D79
SHA256: 23B7770B3A92537E531BFAACC69127A495089DB99C5A4E7ADA3ED390EC4D8943

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\Updater.Abonent.exe
Type: executable
MD5: BD1BD32FA2D232F4E5AEF1625BFBCF06
SHA256: 3120144FCF19C15CB1B480F2007CE0C7816C2068D38E138D74AD606BB9FBD3CE

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\screenhooks32.dll
Type: executable
MD5: B3D98F01B4281B4A66604EC07762C501
SHA256: 147530B1AD25654FD7FA67312D143B82AA9AF4FA3491CB702B2F3B755AE1DBB8

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\Updater.log
Type: text
MD5: 5DF9A22CEC719ED1B2956F78A8E24D6D
SHA256: 95A0D3285D79C16998886CE86BCBB2B0116E72521286DB49B8FDC4F5CD1769CA

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\UserInfo.dll
Type: executable
MD5: D458B8251443536E4A334147E0170E95
SHA256: 4913D4CCCF84CD0534069107CFF3E8E2F427160CAD841547DB9019310AC86CC7

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\Updater.dll
Type: executable
MD5: E479C83750581C36108F539FF0A28568
SHA256: 81BEE513D6DB0139D9B69E301B140CD88590EB57AF29FBB17CE83046E0C22847

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\kontur.dostup.session.host.exe
Type: executable
MD5: D45F513F674D40A430A64FB3D91AE3B9
SHA256: DF252856B4A2EB0226E5EA93C8E822805C07C83D122E5A6E0584C840C7FCC5F1

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\SkbKontur\Kontur.Dostup\4.9.0.4651\components\kontur.dostup.session.host.exe
Type: executable
MD5: D45F513F674D40A430A64FB3D91AE3B9
SHA256: DF252856B4A2EB0226E5EA93C8E822805C07C83D122E5A6E0584C840C7FCC5F1

PID: 2708
Process: Kontur.Dostup.Abonent.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnB34.tmp\LICENSE.txt
Type: text
MD5: FFA10F40B98BE2C2BC9608F56827ED23
SHA256: 189B1AF95D661151E054CEA10C91B3D754E4DE4D3FECFB074C1FB29476F7167B
HTTP(S) requests: 5
TCP/UDP connections: 45
DNS requests: 25
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
3676 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | - | - | whitelisted
5368 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | - | - | whitelisted
1516 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5368 | SearchApp.exe | 131.253.33.254:443 | a-ring-fallback.msedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
3952 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
5368 | SearchApp.exe | 104.126.37.179:443 | www.bing.com | Akamai International B.V. | DE | unknown
4128 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6012 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3656 | slui.exe | 40.91.76.224:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5692 | slui.exe | 40.91.76.224:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6700 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2708 | Kontur.Dostup.Abonent.exe | 46.17.203.51:443 | help.kontur.ru | JSC SKB Kontur production | RU | unknown

DNS requests

Domain
IP
Reputation
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 104.126.37.179
  • 104.126.37.137
  • 104.126.37.130
  • 104.126.37.123
  • 104.126.37.178
  • 104.126.37.131
  • 104.126.37.185
  • 104.126.37.128
  • 104.126.37.186
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 172.217.18.14
whitelisted
help.kontur.ru
  • 46.17.203.51
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.22
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.136
  • 40.126.32.138
  • 40.126.32.74
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.45
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

1 ETPRO signature is available in the full report
No debug info