URL:

109.186.217.138

Full analysis: https://app.any.run/tasks/7bd26170-2200-4cd2-8e0f-9b12227b71e1
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 13, 2023, 20:01:13
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
eicar
loader
Indicators:
MD5:

CF2E483A6D1209FC721F3FA1B4DB9935

SHA1:

2CA37292E71664B52B23936D4D0D2B0868F6DDDC

SHA256:

3FA3F22F27E6B2DE8431EAC3F5830607D0BB5ACC82E4F90AA3A677A1AFEC8244

SSDEEP:

3:McL6bd:Mccd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • The EICAR Standard Anti-Virus Test File is detected

      • msedge.exe (PID: 2652)
      • msedge.exe (PID: 4988)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • msedge.exe (PID: 2652)
    • The process uses the downloaded file

      • msedge.exe (PID: 7612)
      • msedge.exe (PID: 2868)
      • msedge.exe (PID: 7632)
      • msedge.exe (PID: 636)
      • msedge.exe (PID: 3912)
      • msedge.exe (PID: 7312)
      • msedge.exe (PID: 2652)
      • EXCEL.EXE (PID: 7476)
    • Reads the computer name

      • identity_helper.exe (PID: 6744)
      • JRuler.exe (PID: 5928)
      • SmallExecutable.exe (PID: 5192)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 2652)
      • msedge.exe (PID: 4988)
    • Checks supported languages

      • JRuler.exe (PID: 5928)
      • TestSandbox2.exe (PID: 7996)
      • identity_helper.exe (PID: 6744)
      • SmallExecutable.exe (PID: 5192)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
192
Monitored processes
57
Malicious processes
0
Suspicious processes
0

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs jruler.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs smallexecutable.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs testsandbox2.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe no specs excel.exe excel.exe excel.exe excel.exe excel.exe excel.exe excel.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
636
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2084,i,16118316298561137056,8450268364498289713,131072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
2316
CMD:
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\admin\Downloads\be4d644175baadbceacd9780f8233a6591f4290d9d27334fd7167861ab79fc64.xlsx"
Path:
C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Excel
Exit code:
0
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\excel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
PID:
2556
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5800 --field-trial-handle=2084,i,16118316298561137056,8450268364498289713,131072 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
2592
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7728 --field-trial-handle=2084,i,16118316298561137056,8450268364498289713,131072 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
2652
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "109.186.217.138"
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
2868
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=2084,i,16118316298561137056,8450268364498289713,131072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
2892
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7320 --field-trial-handle=2084,i,16118316298561137056,8450268364498289713,131072 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
3172
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=2084,i,16118316298561137056,8450268364498289713,131072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
3336
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=111.0.5563.149 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=111.0.1661.62 --initial-client-data=0x104,0x108,0x10c,0xe0,0x74,0x7ffd7d0bb5f8,0x7ffd7d0bb608,0x7ffd7d0bb618
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
3876
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7640 --field-trial-handle=2084,i,16118316298561137056,8450268364498289713,131072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
Total events
28 138
Read events
27 515
Write events
506
Delete events
117

Modification events

(PID) Process:
(2652) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
failed_count
Value:
0
(PID) Process:
(2652) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
1
(PID) Process:
(2652) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation:
write
Name:
StatusCodes
Value:
01000000
(PID) Process:
(2652) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
2
(PID) Process:
(2652) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:
write
Name:
dr
Value:
1
(PID) Process:
(2652) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:
write
Name:
user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:
(2652) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge
Operation:
write
Name:
UsageStatsInSample
Value:
1
(PID) Process:
(2652) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:
write
Name:
usagestats
Value:
0
(PID) Process:
(2652) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:
write
Name:
urlstats
Value:
0
(PID) Process:
(2652) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
BC8CC635B5602F00
Executable files
21
Suspicious files
156
Text files
914
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF14dd8d.TMP
MD5:
SHA256:
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF14ddac.TMP
MD5:
SHA256:
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF14ddfa.TMP
MD5:
SHA256:
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
PID:
2652
Process:
msedge.exe
Filename:
C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\CRASHPAD\SETTINGS.DAT
Type:
binary
MD5:
AE78610F57A24ED740046B2A7CBE0272
SHA256:
7155BB73DA7368FB1A65E29E58B36988C7DEA30362619803908D7CFD955C22E9
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State
Type:
binary
MD5:
EA79F305DC88B440AB043828A72CDD67
SHA256:
E05714291E1A4B10EC24282E576AE1A1DE184E1FB9EBF58B08C6B4082FBAA7CF
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Type:
text
MD5:
D6DB6EA02FE506F2DA98F1C137243587
SHA256:
126173A7D7D0F54A9FCE5465180BC49DB023E723A41BB55A0F9497BE76FBAA28
PID:
2652
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Type:
binary
MD5:
C452D7291EFE983859CEBE4BA5FB925E
SHA256:
C6DB38CA93B5BD4B25F0B7FF0528683CAEC1A508A6C9557A18A0BC834552D3EF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
36
TCP/UDP connections
191
DNS requests
95
Threats
25

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4988
msedge.exe
GET
200
109.186.217.138:80
http://109.186.217.138/
unknown
html
1.16 Kb
unknown
4988
msedge.exe
GET
109.186.217.138:80
http://109.186.217.138/dd4979e886bd46b6a5c618eb78b4525f36d3fa6ea9c6abb14e42ffa177a46ced.exe
unknown
unknown
4988
msedge.exe
GET
109.186.217.138:80
http://109.186.217.138/be4d644175baadbceacd9780f8233a6591f4290d9d27334fd7167861ab79fc64.xlsx
unknown
unknown
4988
msedge.exe
GET
200
109.186.217.138:80
http://109.186.217.138/eicar.com
unknown
text
68 b
unknown
4988
msedge.exe
GET
109.186.217.138:80
http://109.186.217.138/dd4979e886bd46b6a5c618eb78b4525f36d3fa6ea9c6abb14e42ffa177a46ced.exe
unknown
unknown
1932
svchost.exe
GET
200
192.229.221.95:80
http://crl3.digicert.com/DigiCertGlobalRootCA.crl
unknown
binary
779 b
unknown
1932
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
binary
471 b
unknown
6436
SIHClient.exe
GET
200
88.221.125.143:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
binary
418 b
unknown
6436
SIHClient.exe
GET
200
88.221.125.143:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
binary
409 b
unknown
7056
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
8
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3764
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4988
msedge.exe
109.186.217.138:80
Cellcom Fixed Line Communication L.P
IL
unknown
2652
msedge.exe
239.255.255.250:1900
whitelisted
4988
msedge.exe
52.123.243.73:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
DE
unknown
4988
msedge.exe
51.104.176.40:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4988
msedge.exe
92.123.104.28:443
www.bing.com
Akamai International B.V.
DE
unknown
4988
msedge.exe
20.105.95.163:443
data-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
880
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 52.123.243.73
  • 52.123.243.193
  • 52.123.243.217
  • 52.123.243.196
whitelisted
nav-edge.smartscreen.microsoft.com
  • 51.104.176.40
  • 20.31.251.109
whitelisted
www.bing.com
  • 92.123.104.28
  • 92.123.104.30
  • 92.123.104.38
  • 92.123.104.35
  • 92.123.104.44
  • 92.123.104.41
  • 92.123.104.34
  • 92.123.104.29
  • 92.123.104.33
  • 23.53.43.185
  • 23.37.226.81
  • 23.53.43.184
  • 23.37.226.82
  • 23.53.43.177
  • 23.53.43.179
  • 23.37.226.80
  • 23.37.226.88
  • 23.53.43.178
  • 23.37.226.107
  • 23.37.226.98
  • 23.53.43.98
  • 23.37.226.115
  • 23.37.226.114
  • 23.37.226.106
  • 23.37.226.105
  • 23.37.226.113
  • 23.53.43.99
  • 23.53.43.96
  • 23.53.43.112
  • 23.53.43.106
  • 23.53.43.104
  • 23.53.43.113
  • 23.53.43.121
  • 23.53.43.120
  • 23.53.43.115
  • 23.53.43.114
  • 23.53.43.122
  • 23.37.226.97
  • 23.37.226.104
  • 23.37.226.91
  • 23.37.226.90
  • 23.37.226.99
  • 23.37.226.96
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edgeassetservice.azureedge.net
  • 13.107.246.63
  • 13.107.213.63
  • 13.107.246.62
  • 13.107.213.62
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.2
  • 20.190.159.68
  • 40.126.31.69
  • 20.190.159.73
  • 20.190.159.64
  • 20.190.159.23
  • 20.190.159.4
whitelisted
edgeservices.bing.com
  • 92.123.104.62
  • 92.123.104.52
  • 92.123.104.67
  • 92.123.104.66
  • 92.123.104.59
  • 92.123.104.61
  • 92.123.104.65
  • 92.123.104.58
  • 92.123.104.60
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
dl-edge.smartscreen.microsoft.com
  • 20.31.251.109
whitelisted

Threats

PID
Process
Class
Message
4988
msedge.exe
Potentially Bad Traffic
ET INFO Dotted Quad Host XLSX Request
4988
msedge.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
4988
msedge.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
4988
msedge.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4988
msedge.exe
Potentially Bad Traffic
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
4988
msedge.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
4988
msedge.exe
Misc activity
ET INFO Packed Executable Download
4988
msedge.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4988
msedge.exe
Potentially Bad Traffic
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
4988
msedge.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
1 ETPRO signatures available at the full report
No debug info