File name:

8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe

Full analysis: https://app.any.run/tasks/566af17d-696e-4c1a-b903-617e02b28afc
Verdict: Malicious activity
Analysis date: February 03, 2026, 10:16:36
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
sfx
dropper
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

35D5F27C658297B5A5FF7A1D790EA644

SHA1:

00B27E1D2307BAC587A799CC1EAC20773684877E

SHA256:

8256C795D9CF047DF542BB7E8786A789BDD4994E4A43A2B1DA97847B4BCA22DE

SSDEEP:

49152:nXsQZyJSSuDElFOiRuOZkugsVRTX0KxXq1pt+yhYo2Px+wRK+hBbFPUzXrJbKIpx:XsQ4IfKOH4k8TX0K1q1pMqhPeK+hBhPs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • SFX dropper has been detected

      • Hook.exe (PID: 7664)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • Hook.exe (PID: 7664)
    • Application launched itself

      • Hook.exe (PID: 7664)
    • Uses REG/REGEDIT.EXE to modify registry

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
    • Process drops legitimate windows executable

      • Hook.exe (PID: 2780)
    • Executing commands from a ".bat" file

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
    • Starts CMD.EXE for commands execution

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
    • Uses TIMEOUT.EXE to delay execution

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
    • Uses TASKKILL.EXE to kill process

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
  • INFO

    • Drops script file

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
      • msedge.exe (PID: 8184)
      • cmd.exe (PID: 2244)
      • msedge.exe (PID: 3532)
    • Checks supported languages

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
      • Hook.exe (PID: 7664)
      • Hook.exe (PID: 2780)
      • curl.exe (PID: 9032)
      • identity_helper.exe (PID: 7964)
    • Create files in a temporary directory

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
    • Reads the computer name

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
      • Hook.exe (PID: 7664)
      • Hook.exe (PID: 2780)
      • curl.exe (PID: 9032)
      • identity_helper.exe (PID: 7964)
    • Process checks computer location settings

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
      • Hook.exe (PID: 7664)
    • Reads security settings of Internet Explorer

      • Hook.exe (PID: 7664)
      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
    • Creates files in the program directory

      • Hook.exe (PID: 2780)
    • The sample compiled with english language support

      • Hook.exe (PID: 2780)
    • Execution of CURL command

      • cmd.exe (PID: 2244)
    • Checks proxy server information

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
      • slui.exe (PID: 8404)
    • Application launched itself

      • msedge.exe (PID: 552)
      • msedge.exe (PID: 8184)
    • There is functionality for taking screenshot (YARA)

      • 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe (PID: 8624)
    • Reads Environment values

      • identity_helper.exe (PID: 7964)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:16 12:31:25+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 208384
InitializedDataSize: 196096
UninitializedDataSize: -
EntryPoint: 0x205e0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
Total processes
198
Monitored processes
49
Malicious processes
2
Suspicious processes
0

Behavior graph

start 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe no specs taskkill.exe no specs conhost.exe no specs #DROPPER hook.exe no specs hook.exe reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs curl.exe timeout.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 488
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6564,i,1837672201056202165,4171659704915064454,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 552
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.absba.cc/
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1612
CMD: "C:\Windows\System32\taskkill.exe" /f /im "AntDM.exe"
Path: C:\Windows\SysWOW64\taskkill.exe
Parent process: 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1656
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,1837672201056202165,4171659704915064454,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1684
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffd70cff208,0x7ffd70cff214,0x7ffd70cff220
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1904
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2244
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\RarSFX0\down.bat" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2284
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2608
CMD: "C:\Windows\System32\timeout.exe" /t 5
Path: C:\Windows\SysWOW64\timeout.exe
Parent process: 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2780
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\hook.exe" -el -s2 "-dC:\Program Files\Ant Download Manager (x64)" "-sp"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\Hook.exe
Parent process: Hook.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\hook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
6 179
Read events
6 173
Write events
6
Delete events
0

Modification events

(PID) Process: (8340) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AntGROUP\Downloader\appMain
Operation: write
Name: is_how_to_integrate
Value: 0

(PID) Process: (4816) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\AntGROUP\Downloader
Operation: write
Name: color_theme
Value: 3

(PID) Process: (8624) 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {FBF23B40-E3F0-101B-8488-00AA003E56F8} {000214E4-0000-0000-C000-000000000046} 0xFFFF
Value: 0100000000000000BA67CD37F694DC01

(PID) Process: (8624) 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (8624) 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (8624) 8256c795d9cf047df542bb7e8786a789bdd4994e4a43a2b1da97847b4bca22de.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Executable files
3
Suspicious files
142
Text files
315
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e7f01.TMP
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e7f01.TMP
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e7f11.TMP
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e7f11.TMP
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e7f11.TMP
MD5:
SHA256:

PID: 8184
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e7ef2.TMP
MD5:
SHA256:

HTTP(S) requests
602
TCP/UDP connections
190
DNS requests
121
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
8036
msedge.exe
GET
301
194.163.140.14:443
https://www.absba.cc/
unknown
unknown
8036
msedge.exe
GET
200
104.18.22.222:443
https://copilot.microsoft.com/c/api/user/eligibility
unknown
text
25 b
whitelisted
GET
200
194.163.140.14:443
https://absba.cc/
unknown
html
156 Kb
unknown
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
200
20.190.159.129:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
unknown
8176
svchost.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
200
40.126.31.67:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
unknown
356
svchost.exe
POST
200
20.190.159.0:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
356
svchost.exe
POST
200
20.190.159.0:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2.16.204.153:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
8176
svchost.exe
2.16.164.120:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
2.16.164.120:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
2.16.164.120:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
356
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
google.com
  • 142.251.208.174
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
login.live.com
whitelisted
antdownloadmanager.com
  • 135.148.34.70
unknown
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
www.absba.cc
  • 194.163.140.14
unknown

Threats

PID
Process
Class
Message
8036
msedge.exe
Misc activity
INFO [ANY.RUN] .cc TLD domain request
No debug info