File name: 1.py
Full analysis: https://app.any.run/tasks/7a1de513-8c3b-4560-9290-9408e0ee61f8
Verdict: Malicious activity
Analysis date: February 15, 2024, 07:01:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/x-script.python
File info: Python script, ASCII text executable
MD5: 41A8A31E7A60D8C72F37757EC68B8343
SHA1: 57389A9B7C344CA60942016AFC8581650FAE62F0
SHA256: 4568550A68285D1ACB64D315640E70528F26F26764BE77D20A49164D2B131471
SSDEEP: 192:GJjvLTN78K0YnaIf6ZVECKLg63k0NedAFce5mJ3S:GZTJTCKc63ZNedAFceYJi
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Internet Settings

      • rundll32.exe (PID: 4052)
      • pwsh.exe (PID: 1112)
      • rundll32.exe (PID: 3356)
      • wmplayer.exe (PID: 2088)
      • powershell.exe (PID: 920)
      • rundll32.exe (PID: 2648)
      • setup_wm.exe (PID: 2772)
      • sipnotify.exe (PID: 1944)
    • Reads security settings of Internet Explorer

      • pwsh.exe (PID: 1112)
      • wmplayer.exe (PID: 2088)
      • setup_wm.exe (PID: 2772)
    • Reads settings of System Certificates

      • pwsh.exe (PID: 1112)
      • sipnotify.exe (PID: 1944)
    • Reads the date of Windows installation

      • pwsh.exe (PID: 1112)
    • Checks Windows Trust Settings

      • pwsh.exe (PID: 1112)
    • Process checks Powershell history file

      • pwsh.exe (PID: 1112)
    • Using PowerShell to operate with local accounts

      • powershell.exe (PID: 920)
    • The process executes via Task Scheduler

      • ctfmon.exe (PID: 120)
      • sipnotify.exe (PID: 1944)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 3536)
      • AcroRd32.exe (PID: 1628)
      • RdrCEF.exe (PID: 1380)
      • msedge.exe (PID: 3604)
      • chrome.exe (PID: 2376)
      • msedge.exe (PID: 2856)
      • iexplore.exe (PID: 3860)
    • Manual execution by a user

      • msconfig.exe (PID: 3300)
      • msconfig.exe (PID: 2512)
      • cmd.exe (PID: 2344)
      • pwsh.exe (PID: 1112)
      • AcroRd32.exe (PID: 1628)
      • notepad++.exe (PID: 316)
      • powershell.exe (PID: 920)
      • rundll32.exe (PID: 3356)
      • notepad++.exe (PID: 1196)
      • notepad++.exe (PID: 2916)
      • rundll32.exe (PID: 2648)
      • chrome.exe (PID: 2376)
      • wmplayer.exe (PID: 2088)
      • explorer.exe (PID: 3360)
      • iexplore.exe (PID: 3860)
      • IMEKLMG.EXE (PID: 2112)
      • IMEKLMG.EXE (PID: 2120)
      • wmpnscfg.exe (PID: 2356)
      • wmpnscfg.exe (PID: 2380)
      • explorer.exe (PID: 2508)
    • Checks supported languages

      • pwsh.exe (PID: 1112)
      • wmplayer.exe (PID: 2088)
      • setup_wm.exe (PID: 2772)
      • IMEKLMG.EXE (PID: 2120)
      • wmpnscfg.exe (PID: 2356)
      • wmpnscfg.exe (PID: 2380)
      • IMEKLMG.EXE (PID: 2112)
    • Reads the computer name

      • pwsh.exe (PID: 1112)
      • wmplayer.exe (PID: 2088)
      • setup_wm.exe (PID: 2772)
      • IMEKLMG.EXE (PID: 2120)
      • wmpnscfg.exe (PID: 2356)
      • wmpnscfg.exe (PID: 2380)
      • IMEKLMG.EXE (PID: 2112)
    • Reads the machine GUID from the registry

      • setup_wm.exe (PID: 2772)
    • Process checks computer location settings

      • setup_wm.exe (PID: 2772)
    • Checks proxy server information

      • setup_wm.exe (PID: 2772)
    • Reads security settings of Internet Explorer

      • sipnotify.exe (PID: 1944)
    • Reads Environment values

      • setup_wm.exe (PID: 2772)
    • Create files in a temporary directory

      • setup_wm.exe (PID: 2772)
    • Process checks whether UAC notifications are on

      • IMEKLMG.EXE (PID: 2112)
      • IMEKLMG.EXE (PID: 2120)
    • Reads the software policy settings

      • sipnotify.exe (PID: 1944)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
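The note at the top of this report says that user actions in the interactive session can distort the results, and the INFO block records exactly which processes were started by hand (msconfig, cmd, pwsh, powershell, notepad++, wmplayer, the browsers). A first triage pass is therefore to subtract those from the SUSPICIOUS list and see what remains. The Python below is an added example, not part of the ANY.RUN report: it parses the indicator block in the bulleted layout shown above (the embedded text is a copy of this page's SUSPICIOUS block and its "Manual execution by a user" entry) and buckets each SUSPICIOUS hit by whether its process appears in the manual-execution list.

```python
import re
from collections import defaultdict

# Copy of the SUSPICIOUS block and the INFO "Manual execution by a user" entry
# from the report above, in the report's own bulleted layout.
REPORT_INDICATORS = """\
  • SUSPICIOUS
    • Reads the Internet Settings
      • rundll32.exe (PID: 4052)
      • pwsh.exe (PID: 1112)
      • rundll32.exe (PID: 3356)
      • wmplayer.exe (PID: 2088)
      • powershell.exe (PID: 920)
      • rundll32.exe (PID: 2648)
      • setup_wm.exe (PID: 2772)
      • sipnotify.exe (PID: 1944)
    • Reads security settings of Internet Explorer
      • pwsh.exe (PID: 1112)
      • wmplayer.exe (PID: 2088)
      • setup_wm.exe (PID: 2772)
    • Reads settings of System Certificates
      • pwsh.exe (PID: 1112)
      • sipnotify.exe (PID: 1944)
    • Reads the date of Windows installation
      • pwsh.exe (PID: 1112)
    • Checks Windows Trust Settings
      • pwsh.exe (PID: 1112)
    • Process checks Powershell history file
      • pwsh.exe (PID: 1112)
    • Using PowerShell to operate with local accounts
      • powershell.exe (PID: 920)
    • The process executes via Task Scheduler
      • ctfmon.exe (PID: 120)
      • sipnotify.exe (PID: 1944)
  • INFO
    • Manual execution by a user
      • msconfig.exe (PID: 3300)
      • msconfig.exe (PID: 2512)
      • cmd.exe (PID: 2344)
      • pwsh.exe (PID: 1112)
      • AcroRd32.exe (PID: 1628)
      • notepad++.exe (PID: 316)
      • powershell.exe (PID: 920)
      • rundll32.exe (PID: 3356)
      • notepad++.exe (PID: 1196)
      • notepad++.exe (PID: 2916)
      • rundll32.exe (PID: 2648)
      • chrome.exe (PID: 2376)
      • wmplayer.exe (PID: 2088)
      • explorer.exe (PID: 3360)
      • iexplore.exe (PID: 3860)
      • IMEKLMG.EXE (PID: 2112)
      • IMEKLMG.EXE (PID: 2120)
      • wmpnscfg.exe (PID: 2356)
      • wmpnscfg.exe (PID: 2380)
      • explorer.exe (PID: 2508)
"""

SEVERITIES = {"MALICIOUS", "SUSPICIOUS", "INFO"}
PROC_RE = re.compile(r"^(\S+)\s+\(PID:\s*(\d+)\)$")
MANUAL = "Manual execution by a user"


def parse_indicators(text):
    """Flatten the bulleted indicator list into (severity, indicator, process, pid) rows.
    Nesting is recovered from content, not indentation: a line matching
    'name (PID: n)' is a process, a known severity word opens a block, and
    anything else is an indicator name."""
    rows, severity, indicator = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] not in "•*-":
            continue  # blank lines and prose such as "No malicious indicators."
        body = line[1:].strip()
        m = PROC_RE.match(body)
        if m:
            rows.append((severity, indicator, m.group(1), int(m.group(2))))
        elif body in SEVERITIES:
            severity = body
        else:
            indicator = body
    return rows


def triage(rows):
    """Split MALICIOUS/SUSPICIOUS hits by whether the analyst started the process."""
    manual = {(p, pid) for _sev, ind, p, pid in rows if ind == MANUAL}
    analyst_driven, unexplained = defaultdict(list), defaultdict(list)
    for sev, ind, p, pid in rows:
        if sev == "INFO":
            continue
        bucket = analyst_driven if (p, pid) in manual else unexplained
        bucket[(p, pid)].append(ind)
    return manual, dict(analyst_driven), dict(unexplained)


if __name__ == "__main__":
    manual, driven, open_items = triage(parse_indicators(REPORT_INDICATORS))
    print(f"{len(manual)} processes started by hand, {len(driven)} of them with SUSPICIOUS hits")
    for (p, pid), inds in open_items.items():
        print(f"needs a look: {p} (PID {pid}): {', '.join(inds)}")
```

On this report the script leaves four processes that the manual-execution list does not account for: rundll32.exe (PID 4052), setup_wm.exe (PID 2772), sipnotify.exe (PID 1944) and ctfmon.exe (PID 120). The last two are the Task Scheduler launches recorded above, and setup_wm.exe is the process whose HTTP requests below all go to Microsoft metaservices endpoints; none of them is shown here as a child of the submitted script, so they still have to be tied back to the sample before the "Malicious activity" verdict carries weight.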
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 177
Monitored processes: 83
Malicious processes: 2
Suspicious processes: 3

Behavior graph (process nodes in the order drawn; "no specs" is the report's own marker on a node):

start, rundll32.exe (no specs), msedge.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe, msedge.exe (no specs) ×16, cmd.exe (no specs), acrord32.exe (no specs) ×2, rdrcef.exe (no specs) ×5, msedge.exe (no specs) ×2, msconfig.exe (no specs), rdrcef.exe (no specs), msconfig.exe, pwsh.exe, notepad++.exe, powershell.exe, notepad++.exe ×2, rundll32.exe (no specs), msedge.exe, msedge.exe (no specs) ×2, msedge.exe, msedge.exe (no specs) ×5, rundll32.exe (no specs), msedge.exe, msedge.exe (no specs) ×2, msedge.exe, msedge.exe (no specs) ×5, chrome.exe, chrome.exe (no specs), wmplayer.exe (no specs), setup_wm.exe, chrome.exe (no specs), chrome.exe, chrome.exe (no specs), explorer.exe (no specs), chrome.exe (no specs) ×2, iexplore.exe, iexplore.exe (no specs), chrome.exe (no specs) ×6, ctfmon.exe (no specs), sipnotify.exe, imeklmg.exe (no specs) ×2, wmpnscfg.exe (no specs) ×2, explorer.exe (no specs)

Process information

PID: 116
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2164 --field-trial-handle=1308,i,10292662377944967016,2002952361097449790,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 120
CMD: C:\Windows\System32\ctfmon.exe
Path: C:\Windows\System32\ctfmon.exe
Parent process: taskeng.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: CTF Loader
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Loaded images:
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

PID: 268
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1388,i,6846864412522424338,4913751295214951388,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 316
CMD: "C:\Program Files\Notepad++\notepad++.exe" "C:\Users\admin\Desktop\12.py"
Path: C:\Program Files\Notepad++\notepad++.exe
Parent process: explorer.exe
User: admin
Company: Don HO don.h@free.fr
Integrity Level: MEDIUM
Description: Notepad++ : a free (GNU) source code editor
Exit code: 0
Version: 7.91
Loaded images:
c:\program files\notepad++\notepad++.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 324
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1176,5537987267826575767,4193688153937365238,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=16276638247824781825 --mojo-platform-channel-handle=1376 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839
Loaded images:
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 448
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3860 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Loaded images:
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 480
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3868 --field-trial-handle=1308,i,10292662377944967016,2002952361097449790,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 584
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1344 --field-trial-handle=1388,i,6846864412522424338,4913751295214951388,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 680
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1168,i,16795309969921699770,9660465037178120076,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Loaded images:
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

PID: 748
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3180 --field-trial-handle=1308,i,10292662377944967016,2002952361097449790,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 51 482
Read events: 50 792
Write events: 604
Delete events: 86

Modification events (PID process | operation | key | name = value)

3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | failed_count = 0
3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | state = 2
3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | StatusCodes = (empty)
3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | StatusCodes = 01000000
3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | state = 1
3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | dr = 1
3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly = 0
3536 msedge.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | S-1-5-21-1302019708-1500728564-335382590-1000 = BFEECC7AFC6F2F00
3536 msedge.exe | delete value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault | S-1-5-21-1302019708-1500728564-335382590-1000
3536 msedge.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Edge | UsageStatsInSample = 1
Executable files: 2
Suspicious files: 112
Text files: 198
Unknown types: 127

Dropped files (PID process | filename | type; hashes where the report lists them)

3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF181836.TMP | type and hashes not listed
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | type and hashes not listed
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF181884.TMP | type and hashes not listed
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | type and hashes not listed
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1818c3.TMP | type and hashes not listed
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | type and hashes not listed
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | binary
    MD5: DF0BCCD68449F07F531D76F53C718178
    SHA256: 12025F4DA9E53A8B91892D4F6E6A9B89513F3488BFE9F1EEEC3C05F7EF96BDD8
2044 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma | binary
    MD5: 886E82F2CA62ECCCE64601B30592078A
    SHA256: E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variations | binary
    MD5: 961E3604F228B0D10541EBF921500C86
    SHA256: F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
3536 msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old | text
    MD5: B1E05B031BC39D74E7AC1CA69AC72F82
    SHA256: 899DE7900989F710A925E38FA5AE4EA2C3B0EF47A1FEEFBF9EB57C21FA513A8E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 76
DNS requests: 95
Threats: 0

HTTP requests (PID process | method | status | server IP:port | URL | country, content type, size, reputation where listed)

3456 msedge.exe | GET | 301 | 2.16.2.209:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=py | country unknown, reputation unknown
3212 msedge.exe | GET | 301 | 2.16.2.209:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=py%22 | country unknown, reputation unknown
3456 msedge.exe | GET | 302 | 2.22.78.111:80 | http://go.microsoft.com/fwlink/?LinkId=57426&Ext=py | country unknown, reputation unknown
2772 setup_wm.exe | GET | 302 | 2.16.2.195:80 | http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86 | country unknown, reputation unknown
3860 iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?455eace02ce12359 | country unknown, reputation unknown
2772 setup_wm.exe | GET | 200 | 2.16.2.58:80 | http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86 | country unknown, xml, 546 b, reputation unknown
2772 setup_wm.exe | GET | 200 | 2.16.2.58:80 | http://onlinestores.metaservices.microsoft.com/bing/bing.xml | country unknown, text, 523 b, reputation unknown
3860 iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d96747114b3c2363 | country unknown, reputation unknown
1944 sipnotify.exe | HEAD | 200 | 104.102.39.173:80 | http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133524542732810000 | country unknown, reputation unknown
1428 svchost.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | country unknown, binary, 1.01 Kb, reputation unknown
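Two things in the traffic above matter more than the per-row reputation column. Edge's first requests go to shell.windows.com/fileassoc/fileassoc.asp?Ext=py and to a go.microsoft.com fwlink carrying Ext=py, which is the "find a program on the web" lookup Windows performs when a file is opened whose extension has no registered handler, and no python process appears anywhere in the process list on this page. The rest of the HTTP traffic is Windows Media Player setup (setup_wm.exe), Internet Explorer's disallowed-certificate list refresh, sipnotify and a CRL fetch by svchost. The Python below is an added example, not part of the ANY.RUN report: it takes the HTTP rows and the process image names from this page (embedded as constants) and answers whether the submitted file type was ever handed to an interpreter. The SCRIPT_HANDLERS table is an assumption of the example, not data from the report.

```python
from urllib.parse import parse_qs, urlsplit

# HTTP rows copied from the report above: (pid, process, method, status, url).
REPORT_HTTP = [
    (3456, "msedge.exe", "GET", 301, "http://shell.windows.com/fileassoc/fileassoc.asp?Ext=py"),
    (3212, "msedge.exe", "GET", 301, "http://shell.windows.com/fileassoc/fileassoc.asp?Ext=py%22"),
    (3456, "msedge.exe", "GET", 302, "http://go.microsoft.com/fwlink/?LinkId=57426&Ext=py"),
    (2772, "setup_wm.exe", "GET", 302, "http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86"),
    (3860, "iexplore.exe", "GET", 304, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?455eace02ce12359"),
    (2772, "setup_wm.exe", "GET", 200, "http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86"),
    (2772, "setup_wm.exe", "GET", 200, "http://onlinestores.metaservices.microsoft.com/bing/bing.xml"),
    (3860, "iexplore.exe", "GET", 304, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d96747114b3c2363"),
    (1944, "sipnotify.exe", "HEAD", 200, "http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133524542732810000"),
    (1428, "svchost.exe", "GET", 200, "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
]

# Process image names taken from the behavior graph on this page (de-duplicated).
REPORT_PROCESSES = {
    "rundll32.exe", "msedge.exe", "cmd.exe", "acrord32.exe", "rdrcef.exe",
    "msconfig.exe", "pwsh.exe", "notepad++.exe", "powershell.exe", "chrome.exe",
    "wmplayer.exe", "setup_wm.exe", "explorer.exe", "iexplore.exe", "ctfmon.exe",
    "sipnotify.exe", "imeklmg.exe", "wmpnscfg.exe",
}

# Assumption made for this example (not from the report): image names that would
# have to appear in the process list for a file of that extension to have run.
SCRIPT_HANDLERS = {
    "py": {"python.exe", "pythonw.exe", "py.exe"},
    "ps1": {"powershell.exe", "pwsh.exe"},
    "js": {"wscript.exe", "cscript.exe"},
}


def fileassoc_lookups(requests):
    """Return (pid, process, ext) for every Windows 'find a program on the web'
    lookup: shell.windows.com/fileassoc/... or a go.microsoft.com fwlink that
    carries an Ext= parameter. parse_qs percent-decodes, so the stray quote in
    Ext=py%22 comes back as part of the extension rather than hiding in the URL."""
    hits = []
    for pid, proc, _method, _status, url in requests:
        u = urlsplit(url)
        query = parse_qs(u.query)
        on_shell = u.hostname == "shell.windows.com" and u.path.startswith("/fileassoc/")
        on_fwlink = u.hostname == "go.microsoft.com" and u.path == "/fwlink/"
        if (on_shell or on_fwlink) and "Ext" in query:
            hits.append((pid, proc, query["Ext"][0]))
    return hits


def handler_ran(processes, ext):
    """True if any interpreter assumed for `ext` appears in the process list."""
    seen = {p.lower() for p in processes}
    return bool(SCRIPT_HANDLERS.get(ext.lower(), set()) & seen)


def hosts_by_process(requests):
    """Hosts contacted per process; shows the traffic splits by host application."""
    out = {}
    for _pid, proc, _method, _status, url in requests:
        out.setdefault(proc, set()).add(urlsplit(url).hostname)
    return out


def verdict_check(requests, processes, ext):
    """The two facts a reviewer wants before trusting a verdict on a script sample."""
    return {
        "fileassoc_lookups": fileassoc_lookups(requests),
        "handler_ran": handler_ran(processes, ext),
    }


if __name__ == "__main__":
    result = verdict_check(REPORT_HTTP, REPORT_PROCESSES, "py")
    for pid, proc, ext in result["fileassoc_lookups"]:
        print(f"{proc} (PID {pid}) asked Windows for a handler for .{ext}")
    print("interpreter for .py seen in process list:", result["handler_ran"])
    for proc, hosts in sorted(hosts_by_process(REPORT_HTTP).items()):
        print(f"{proc}: {', '.join(sorted(hosts))}")
```

Run against the rows above, the check reports three handler lookups (for "py", for "py" with a trailing quote, and the fwlink redirect for "py") and no interpreter in the process list, so the behaviour recorded in this report is that of the host applications, not of 1.py. The same check applied to a report that does show python.exe or pythonw.exe would return handler_ran as True, which is the point at which the SUSPICIOUS indicators become worth reading as the sample's own.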

Connections (PID process | IP:port | domain | ASN | country | reputation, where listed)

4 System | 192.168.100.255:137 | whitelisted
3536 msedge.exe | 239.255.255.250:1900 | unknown
3212 msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3212 msedge.exe | 2.22.78.111:443 | go.microsoft.com | AKAMAI-AS | FR | unknown
3212 msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
3212 msedge.exe | 2.16.2.209:80 | shell.windows.com | Akamai International B.V. | CZ | whitelisted
3212 msedge.exe | 23.212.110.201:443 | www.bing.com | Akamai International B.V. | CZ | unknown
3212 msedge.exe | 23.212.110.218:443 | r.bing.com | Akamai International B.V. | CZ | unknown
3212 msedge.exe | 20.190.159.4:443 | login.microsoftonline.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3212 msedge.exe | 13.107.5.80:443 | services.bingapis.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests (domain, resolved IPs, reputation)

config.edge.skype.com
  • 13.107.42.16
whitelisted
go.microsoft.com
  • 2.22.78.111
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
shell.windows.com
  • 2.16.2.209
  • 2.16.2.208
whitelisted
www.bing.com
  • 23.212.110.201
  • 23.212.110.203
  • 23.212.110.185
  • 23.212.110.200
  • 23.212.110.209
  • 23.212.110.217
  • 23.212.110.208
  • 23.212.110.187
  • 23.212.110.136
  • 23.212.110.168
  • 23.212.110.178
  • 23.212.110.171
  • 23.212.110.176
  • 23.212.110.169
  • 23.212.110.186
  • 23.212.110.162
  • 23.212.110.161
  • 23.212.110.155
  • 23.212.110.163
whitelisted
r.bing.com
  • 23.212.110.218
  • 23.212.110.211
  • 23.212.110.209
  • 23.212.110.138
  • 23.212.110.136
  • 23.212.110.139
  • 23.212.110.144
  • 23.212.110.137
  • 23.212.110.219
  • 23.212.110.145
  • 23.212.110.208
  • 23.212.110.217
  • 23.212.110.200
  • 23.212.110.185
  • 23.212.110.178
  • 23.212.110.201
  • 23.212.110.187
  • 23.212.110.186
  • 23.212.110.162
  • 23.212.110.161
  • 23.212.110.176
  • 23.212.110.155
  • 23.212.110.163
  • 23.212.110.169
  • 23.212.110.168
whitelisted
th.bing.com
  • 23.212.110.218
  • 23.212.110.139
  • 23.212.110.144
  • 23.212.110.219
  • 23.212.110.137
  • 23.212.110.138
  • 23.212.110.136
  • 23.212.110.145
  • 23.212.110.211
  • 23.212.110.171
  • 23.212.110.200
  • 23.212.110.178
  • 23.212.110.168
  • 23.212.110.187
  • 23.212.110.176
  • 23.212.110.186
  • 23.212.110.185
  • 23.212.110.169
  • 23.212.110.208
  • 23.212.110.217
  • 23.212.110.209
  • 23.212.110.201
  • 23.212.110.162
  • 23.212.110.161
  • 23.212.110.155
  • 23.212.110.163
whitelisted
login.microsoftonline.com
  • 20.190.159.4
  • 40.126.31.69
  • 20.190.159.73
  • 40.126.31.73
  • 20.190.159.64
  • 20.190.159.68
  • 20.190.159.2
  • 40.126.31.67
whitelisted
services.bingapis.com
  • 13.107.5.80
unknown
login.live.com
  • 40.126.32.74
  • 40.126.32.133
  • 40.126.32.138
  • 20.190.160.17
  • 40.126.32.136
  • 40.126.32.68
  • 40.126.32.134
  • 40.126.32.72
whitelisted

Threats

No threats detected

Process messages (process: message)

pwsh.exe: Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 1112. Message ID: [0x2509].
notepad++.exe: VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe: VerifyLibrary: certificate revocation checking is disabled
notepad++.exe: ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe: VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe: VerifyLibrary: certificate revocation checking is disabled
notepad++.exe: ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe: VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
notepad++.exe: VerifyLibrary: certificate revocation checking is disabled
notepad++.exe: ED255D9151912E40DF048A56288E969A8D0DAFA3