URL:

https://lowtideaudio.online

Full analysis: https://app.any.run/tasks/9169a376-26fc-4924-bce1-c1d3abf6b387
Verdict: Malicious activity
Threats:

Stealc is a stealer malware that targets victims’ sensitive data, which it exfiltrates from browsers, messaging apps, and other software. The malware is equipped with advanced features, including fingerprinting, control panel, evasion mechanisms, string obfuscation, etc. Stealc establishes persistence and communicates with its C2 server through HTTP POST requests.

Malware Trends Tracker     >>>
Analysis date: March 15, 2026, 12:30:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
susp-powershell
stealer
stealc
vidar
xor-url
generic
Indicators:
MD5:

6586F84E981DA543B09E9222C6DFD991

SHA1:

A91880E7E468EAFAE89B388D04CB7A478E777D1F

SHA256:

6C2B7633EEE6E45D54ACCF687318E09C5F34145BBD595B5D313FA2FD7EA378EC

SSDEEP:

3:N8KiMTbn:2KvTb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Uses AES cipher (POWERSHELL)

      • powershell.exe (PID: 5440)

    • Gets or sets the symmetric key that is used for encryption and decryption (POWERSHELL)

      • powershell.exe (PID: 5440)

    • Gets or sets the initialization vector for the symmetric algorithm (POWERSHELL)

      • powershell.exe (PID: 5440)

    • Actions looks like stealing of personal data

      • notepad.exe (PID: 6544)

    • STEALC has been detected (SURICATA)

      • notepad.exe (PID: 6544)

    • Steals credentials from Web Browsers

      • notepad.exe (PID: 6544)

    • XORed URL has been found (YARA)

      • notepad.exe (PID: 6544)

    • Dynamically loads an assembly (POWERSHELL)

      • powershell.exe (PID: 5440)

  • SUSPICIOUS

    • Application launched itself

      • powershell.exe (PID: 1200)

    • Uses base64 encoding (POWERSHELL)

      • powershell.exe (PID: 5440)

    • Creates new GUID (POWERSHELL)

      • powershell.exe (PID: 5440)

    • The process executes via Task Scheduler

      • powershell.exe (PID: 1200)

    • Uses sleep to delay execution (POWERSHELL)

      • powershell.exe (PID: 5440)

    • The process hides Powershell's copyright startup banner

      • powershell.exe (PID: 1200)

    • Starts POWERSHELL.EXE for commands execution

      • powershell.exe (PID: 1200)

    • The process bypasses the loading of PowerShell profile settings

      • powershell.exe (PID: 1200)

    • CSC.EXE is used to compile C# code

      • csc.exe (PID: 8456)

    • Executable content was dropped or overwritten

      • csc.exe (PID: 8456)

    • Contacting a server suspected of hosting an CnC

      • notepad.exe (PID: 6544)

    • Searches for installed software

      • notepad.exe (PID: 6544)

    • Possible stealing from crypto wallets

      • notepad.exe (PID: 6544)

    • Possible stealing from password managers

      • notepad.exe (PID: 6544)

    • Possible stealing from browsers

      • notepad.exe (PID: 6544)

    • Multiple wallet extension IDs have been found

      • notepad.exe (PID: 6544)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 1840)
      • chrome.exe (PID: 7652)
      • chrome.exe (PID: 1156)
      • chrome.exe (PID: 3168)
      • msedge.exe (PID: 1568)
      • msedge.exe (PID: 8792)
      • chrome.exe (PID: 6200)

    • Manual execution by a user

      • cmd.exe (PID: 4968)
      • cmd.exe (PID: 8184)
      • msedge.exe (PID: 2432)
      • msedge.exe (PID: 1568)

    • Disables trace logs

      • powershell.exe (PID: 1200)

    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 5440)

    • Checks supported languages

      • identity_helper.exe (PID: 8996)
      • csc.exe (PID: 8456)
      • cvtres.exe (PID: 7896)
      • identity_helper.exe (PID: 8688)
      • identity_helper.exe (PID: 4144)

    • Reads Environment values

      • identity_helper.exe (PID: 8996)
      • identity_helper.exe (PID: 4144)
      • identity_helper.exe (PID: 8688)

    • Checks current location (POWERSHELL)

      • powershell.exe (PID: 1200)

    • Reads the computer name

      • identity_helper.exe (PID: 8996)
      • identity_helper.exe (PID: 8688)
      • identity_helper.exe (PID: 4144)

    • Create files in a temporary directory

      • csc.exe (PID: 8456)
      • cvtres.exe (PID: 7896)

    • Creates files or folders in the user directory

      • notepad.exe (PID: 6544)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 6544)

    • There is functionality for taking screenshot (YARA)

      • notepad.exe (PID: 6544)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 8456)

    • Creates files in the program directory

      • notepad.exe (PID: 6544)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
281
Monitored processes
120
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe conhost.exe no specs slui.exe powershell.exe conhost.exe no specs powershell.exe no specs conhost.exe no specs csc.exe cvtres.exe no specs #STEALC notepad.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
768"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5852,i,3673958202147443678,12387429461811021920,262144 --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5840 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
848"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=2116,i,454800961136764632,5804014985139477864,262144 --variations-seed-version=20260314-030021.655000-production --mojo-platform-channel-handle=2256 /prefetch:3C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
936"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3652,i,10702285242099094083,4728998467866060567,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1156"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default"C:\Program Files\Google\Chrome\Application\chrome.exe
notepad.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1200"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
RuntimeBroker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\atl.dll
c:\windows\system32\combase.dll
1568"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=DefaultC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1612"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5812,i,3673958202147443678,12387429461811021920,262144 --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5552 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1692"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6760,i,17276787095743207908,4015438758219578678,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1704"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1732,i,17276787095743207908,4015438758219578678,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1840"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first-run --no-default-browser-check https://lowtideaudio.onlineC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
17 734
Read events
17 731
Write events
3
Delete events
0

Modification events

(PID) Process:(6544) notepad.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6544) notepad.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6544) notepad.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
33
Suspicious files
784
Text files
451
Unknown types
0

Dropped files

PID
Process
Filename
Type
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e5580.TMP
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e5590.TMP
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e5590.TMP
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e55a0.TMP
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e5580.TMP
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
1840msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
451
TCP/UDP connections
246
DNS requests
261
Threats
19

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1848
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:2Z5hbKPgzaVfT0Z_J6tS8QOR6OJl3Re-971lQjplh1A&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
100 b
whitelisted
1848
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
4.59 Kb
whitelisted
1848
msedge.exe
GET
200
104.18.22.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
1848
msedge.exe
GET
200
13.107.213.44:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
US
binary
82 b
whitelisted
1848
msedge.exe
GET
302
188.114.96.3:443
https://lowtideaudio.online/
US
html
319 b
unknown
1848
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
446 b
whitelisted
1848
msedge.exe
GET
200
57.144.244.192:443
https://static.cdninstagram.com/rsrc.php/v4iEah4/yn/l/en_US/-p79Dw_lYab71wDvpLc_BpQKPwfW0wN-q7odNDboPV5nehijy5uSwSBn7MFhqg_zkseO1JshF54hnUfxHcaC_j66O-sybUOyzyP07O4uAuHMZyBSaV-S7OueDLAAXUtRnPF5OV64OA8PraPmMM4mfsnKiaA8ohO-dKm4-DGHqdGQHlOTozoFpj-99G3-Qx8lcabVTDTcjqCtge5-3tV1r_PYQYK34goP7SPeCQmxhceZaR68thOl6Gkjq0OVecPlfAVsTAuutH3iYDnxqqKmM_5UvGYKn4iOEa-p5ZBFNZTFDSp4bWABAdmh5DEndjkKeHWrECl3_n.js
US
text
202 Kb
whitelisted
1848
msedge.exe
GET
200
57.144.244.192:443
https://static.cdninstagram.com/rsrc.php/v5/yv/l/0,cross/EQkng5VPNGhbgrNkRAHfEEPvJg89IT9OsT0QyApb4vzQfgQe914iiBfONMKn3YhINqU49pVNahkCkGzNiZ9AWV5Gs97xFZK--hBruhBENOpKm_.css
US
text
766 Kb
whitelisted
1848
msedge.exe
GET
200
57.144.244.34:443
https://www.instagram.com/
US
html
654 Kb
whitelisted
1848
msedge.exe
GET
200
57.144.244.192:443
https://static.cdninstagram.com/rsrc.php/v4/yJ/r/XpnBUoxX61b.js
US
text
284 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
8680
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2600
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1848
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
1848
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1848
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1848
msedge.exe
104.18.22.222:443
copilot.microsoft.com
CLOUDFLARENET
US
whitelisted
1848
msedge.exe
13.107.213.44:443
api.edgeoffer.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
self.events.data.microsoft.com
  • 20.189.173.18
  • 20.189.173.4
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
  • 51.124.78.146
whitelisted
google.com
  • 142.251.140.174
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
lowtideaudio.online
  • 188.114.96.3
  • 188.114.97.3
unknown
api.edgeoffer.microsoft.com
  • 13.107.213.44
  • 13.107.246.44
  • 13.107.213.45
  • 13.107.246.45
whitelisted
copilot.microsoft.com
  • 104.18.22.222
  • 104.18.23.222
whitelisted
www.instagram.com
  • 57.144.244.34
  • 157.240.0.174
whitelisted
www.bing.com
  • 92.123.104.66
  • 92.123.104.59
  • 92.123.104.55
  • 92.123.104.58
  • 92.123.104.60
  • 92.123.104.65
  • 92.123.104.54
  • 92.123.104.52
  • 92.123.104.62
  • 104.126.37.139
  • 104.126.37.130
  • 104.126.37.176
  • 104.126.37.145
  • 104.126.37.136
  • 104.126.37.128
  • 104.126.37.163
  • 104.126.37.154
  • 184.86.251.5
  • 184.86.251.24
  • 184.86.251.22
  • 184.86.251.19
  • 184.86.251.30
  • 184.86.251.23
  • 184.86.251.21
  • 184.86.251.25
  • 184.86.251.27
  • 2.16.241.222
  • 2.16.241.207
  • 2.16.241.205
whitelisted

Threats

PID
Process
Class
Message
2600
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
1200
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
6544
notepad.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2
6544
notepad.exe
A Network Trojan was detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1
6544
notepad.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2
6544
notepad.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2
6544
notepad.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2
6544
notepad.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2
6544
notepad.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2
6544
notepad.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://lowtideaudio.online