URL: https://filebin.net/oekr8qeyujmiwgpj

Full analysis: https://app.any.run/tasks/2fe0c237-8042-45bc-9ff5-3f228131f17a
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that lets attackers establish partial or complete control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionality for conducting illicit activities on compromised systems. Some of the most common RAT features include access to the user's data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Analysis date: April 29, 2026, 01:54:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: arch-exec, screenconnect, rmm-tool, tool, remote, rat
Indicators:
MD5: 58C87A8CB0E27FE177AFC8FBAD6D8012
SHA1: D3BA32314F2F204F441800B99A3634A99D842EC7
SHA256: 8D2E7A0EF5BD863C2052108BFB8FF0B289BE633F8D2F5CF8BA12C23389117869
SSDEEP: 3:N8wL34dUAcQwTCln:2OAcQwTI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Known privilege escalation attack

      • dllhost.exe (PID: 8220)
    • SCREENCONNECT has been detected

      • rundll32.exe (PID: 2812)
      • msiexec.exe (PID: 5408)
      • rundll32.exe (PID: 3324)
    • SCREENCONNECT has been detected (SURICATA)

      • ScreenConnect.ClientService.exe (PID: 8616)
  • SUSPICIOUS

    • Cleans NTFS data stream (Zone Identifier)

      • odbcconf.exe (PID: 8288)
    • Starts CMD.EXE for command execution

      • cmd.exe (PID: 8556)
      • cmd.exe (PID: 2880)
    • Uses RUNDLL32.EXE to run a file without a DLL extension

      • rundll32.exe (PID: 2812)
      • rundll32.exe (PID: 3324)
    • Executable content was dropped or overwritten

      • rundll32.exe (PID: 2812)
      • rundll32.exe (PID: 3324)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 5408)
    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 5408)
    • Screenconnect has been detected

      • msiexec.exe (PID: 5408)
      • ScreenConnect.ClientService.exe (PID: 8616)
      • ScreenConnect.ClientService.exe (PID: 8616)
      • rundll32.exe (PID: 3324)
    • SCREENCONNECT mutex has been found

      • ScreenConnect.ClientService.exe (PID: 8616)
    • Executes as Windows Service

      • ScreenConnect.ClientService.exe (PID: 8616)
    • Creates or modifies Windows services

      • ScreenConnect.ClientService.exe (PID: 8616)
    • Potential Corporate Privacy Violation

      • ScreenConnect.ClientService.exe (PID: 8616)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 5408)
    • Detects ScreenConnect RAT (YARA)

      • ScreenConnect.ClientService.exe (PID: 8616)
      • ScreenConnect.WindowsClient.exe (PID: 2956)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 7368)
      • msedge.exe (PID: 8636)
    • Reads Environment values

      • identity_helper.exe (PID: 7976)
      • identity_helper.exe (PID: 9208)
    • Reads the computer name

      • identity_helper.exe (PID: 7976)
      • identity_helper.exe (PID: 9208)
      • 2025FISCALSTATEMENTS.exe (PID: 8240)
      • msiexec.exe (PID: 5408)
      • msiexec.exe (PID: 6060)
      • ScreenConnect.ClientService.exe (PID: 8616)
      • ScreenConnect.WindowsClient.exe (PID: 2956)
      • msiexec.exe (PID: 1824)
      • ScreenConnect.WindowsClient.exe (PID: 1904)
      • msiexec.exe (PID: 6836)
    • The sample is compiled with English language support

      • msedge.exe (PID: 4396)
      • WinRAR.exe (PID: 4044)
      • msedge.exe (PID: 7368)
    • Checks supported languages

      • identity_helper.exe (PID: 7976)
      • identity_helper.exe (PID: 9208)
      • 2025FISCALSTATEMENTS.exe (PID: 8240)
      • msiexec.exe (PID: 5408)
      • msiexec.exe (PID: 6060)
      • ScreenConnect.ClientService.exe (PID: 8616)
      • msiexec.exe (PID: 6836)
      • ScreenConnect.WindowsClient.exe (PID: 2956)
      • msiexec.exe (PID: 1824)
      • ScreenConnect.WindowsClient.exe (PID: 1904)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7368)
    • Manual execution by a user

      • WinRAR.exe (PID: 4044)
      • 2025FISCALSTATEMENTS.exe (PID: 8240)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4044)
      • msiexec.exe (PID: 5408)
    • Checks transactions between Windows and Oracle databases

      • odbcconf.exe (PID: 8288)
    • Reads security settings of Internet Explorer

      • dllhost.exe (PID: 8220)
      • ScreenConnect.ClientService.exe (PID: 8616)
      • ScreenConnect.WindowsClient.exe (PID: 2956)
      • ScreenConnect.WindowsClient.exe (PID: 1904)
    • CONNECTWISE has been detected

      • msiexec.exe (PID: 5408)
      • ScreenConnect.ClientService.exe (PID: 8616)
      • ScreenConnect.WindowsClient.exe (PID: 2956)
      • ScreenConnect.WindowsClient.exe (PID: 1904)
    • SCREENCONNECT has been detected

      • msiexec.exe (PID: 5408)
      • ScreenConnect.ClientService.exe (PID: 8616)
      • rundll32.exe (PID: 3324)
    • Reads the machine GUID from the registry

      • ScreenConnect.ClientService.exe (PID: 8616)
      • ScreenConnect.WindowsClient.exe (PID: 2956)
      • ScreenConnect.WindowsClient.exe (PID: 1904)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 5408)
    • Creates files or folders in the user directory

      • odbcconf.exe (PID: 8288)
    • Reads CPU info

      • ScreenConnect.WindowsClient.exe (PID: 1904)
    • There is functionality for taking screenshot (YARA)

      • ScreenConnect.ClientService.exe (PID: 8616)
      • ScreenConnect.WindowsClient.exe (PID: 2956)
No Malware configuration.
No data.
Total processes: 200
Monitored processes: 58
Malicious processes: 6
Suspicious processes: 2

Behavior graph (interactive in the full report; processes listed in graph order): start, msedge.exe (multiple utility and renderer processes), identity_helper.exe, slui.exe, winrar.exe, 2025fiscalstatements.exe, odbcconf.exe, CMSTPLUA, cmd.exe, conhost.exe, msiexec.exe (#SCREENCONNECT), cmd.exe, conhost.exe, msiexec.exe, rundll32.exe (#SCREENCONNECT), screenconnect.clientservice.exe (#SCREENCONNECT), screenconnect.windowsclient.exe (#SCREENCONNECT), rundll32.exe (#SCREENCONNECT), screenconnect.windowsclient.exe, followed by further msedge.exe processes.

Process information (per process: PID, CMD, Path, Indicators, Parent process)
PID: 416
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6132,i,12527437750721994181,2392299042063502856,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 672
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4516,i,14274507569426531782,5007843664137889586,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1400
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4236,i,14274507569426531782,5007843664137889586,262144 --variations-seed-version --mojo-platform-channel-handle=1588 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1824
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 76FD5AEB75085BC238650B93981456CB
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1904
CMD: "C:\Program Files (x86)\ScreenConnect Client (c26bd864ce80bf33)\ScreenConnect.WindowsClient.exe" "RunRole" "42fee2de-497d-4848-8be8-9fda9d1c2232" "System"
Path: C:\Program Files (x86)\ScreenConnect Client (c26bd864ce80bf33)\ScreenConnect.WindowsClient.exe
Parent process: ScreenConnect.ClientService.exe
User:
SYSTEM
Company:
ScreenConnect Software
Integrity Level:
SYSTEM
Description:
ScreenConnect Client
Exit code:
0
Version:
24.3.7.9067
Modules
Images
c:\program files (x86)\screenconnect client (c26bd864ce80bf33)\screenconnect.windowsclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2032
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4924,i,12527437750721994181,2392299042063502856,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2148,i,12527437750721994181,2392299042063502856,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2812
CMD: rundll32.exe "C:\WINDOWS\Installer\MSI9F78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_958500 2 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2880
CMD: "C:\WINDOWS\system32\cmd.exe" /c ""C:\WINDOWS\system32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Vendor\Layers\setup.msi" /qn /norestart"
Path: C:\Windows\System32\cmd.exe
Parent process: dllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 2956
CMD: "C:\Program Files (x86)\ScreenConnect Client (c26bd864ce80bf33)\ScreenConnect.WindowsClient.exe" "RunRole" "d748c357-e4c7-42f6-8305-863972d7a027" "User"
Path: C:\Program Files (x86)\ScreenConnect Client (c26bd864ce80bf33)\ScreenConnect.WindowsClient.exe
Parent process: ScreenConnect.ClientService.exe
User:
admin
Company:
ScreenConnect Software
Integrity Level:
MEDIUM
Description:
ScreenConnect Client
Version:
24.3.7.9067
Modules
Images
c:\program files (x86)\screenconnect client (c26bd864ce80bf33)\screenconnect.windowsclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 9 926
Read events: 9 787
Write events: 118
Delete events: 21

Modification events

(PID) Process: (8464) slui.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation: write
Name: @%SystemRoot%\System32\sppcomapi.dll,-3200
Value: Software Licensing

(PID) Process: (4044) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (4044) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (4044) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (4044) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (8220) dllhost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation: write
Name: @%SystemRoot%\system32\cmlua.dll,-100
Value: Connection Manager

(PID) Process: (5408) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: B272C094783D765917C008BF69B32F14556A72D0DB6EF14BD952DDB8C159E9F9

(PID) Process: (5408) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\e9e80.rbs
Value: 31250265

(PID) Process: (5408) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\e9e80.rbsLow
Value:

(PID) Process: (5408) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C61C5DD349A06619F77CFEF0FD7E0AD
Operation: write
Name: D6FD88284E242BFCD3824C194791FDB2
Value: C:\Program Files (x86)\ScreenConnect Client (c26bd864ce80bf33)\ScreenConnect.ClientService.dll
Executable files: 34
Suspicious files: 130
Text files: 376
Unknown types: 0

Dropped files (PID | Process | Filename; no MD5/SHA256 or type recorded for these entries)

7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFdff21.TMP
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFdff40.TMP
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdff50.TMP
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFdff5f.TMP
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFdff5f.TMP
7368 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFdff5f.TMP
HTTP(S) requests: 106
TCP/UDP connections: 78
DNS requests: 68
Threats: 30

HTTP requests (PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation)

4396 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:IUwsAXaMbF4RvNWekmRBQ5-NlRDqCrwhONs5hLeYy2c&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | text | 100 b | whitelisted
4396 | msedge.exe | GET | 200 | 135.181.128.167:443 | https://filebin.net/oekr8qeyujmiwgpj | DE | html | 27.9 Kb | unknown
4396 | msedge.exe | GET | 200 | 135.181.128.167:443 | https://filebin.net/static/webfonts/fa-regular-400.woff2 | DE | binary | 13.2 Kb | unknown
4396 | msedge.exe | GET | 200 | 150.171.27.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | US | text | 132 b | whitelisted
4396 | msedge.exe | GET | 200 | 150.171.22.17:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0 | US | text | 4.28 Kb | whitelisted
4396 | msedge.exe | GET | 200 | 104.18.22.222:443 | https://copilot.microsoft.com/c/api/user/eligibility | US | text | 25 b | whitelisted
4396 | msedge.exe | GET | 200 | 135.181.128.167:443 | https://filebin.net/static/css/bootstrap.min.css | DE | text | 226 Kb | unknown
4396 | msedge.exe | GET | 200 | 135.181.128.167:443 | https://filebin.net/static/js/sorttable.js | DE | html | 16.5 Kb | unknown
4396 | msedge.exe | GET | 200 | 135.181.128.167:443 | https://filebin.net/static/js/popper.min.js | DE | text | 18.0 Kb | unknown
4396 | msedge.exe | GET | 200 | 13.107.246.38:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | US | binary | 82 b | whitelisted

Connections (PID | Process | IP | Domain | ASN | CN | Reputation; local broadcast entries have no domain, ASN or CN)

5276 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | Not routed | whitelisted
8152 | slui.exe | 48.192.1.64:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
680 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | Not routed | whitelisted
4396 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4396 | msedge.exe | 150.171.22.17:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4396 | msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4396 | msedge.exe | 135.181.128.167:443 | filebin.net | HETZNER-AS | DE | suspicious
4396 | msedge.exe | 13.107.246.38:443 | api.edgeoffer.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests (Domain | IP(s) | Reputation)

activation-v2.sls.microsoft.com | 48.192.1.64 | whitelisted
google.com | 192.178.183.100, 192.178.183.138, 192.178.183.101, 192.178.183.102, 192.178.183.139, 192.178.183.113 | whitelisted
edge.microsoft.com | 150.171.27.11, 150.171.28.11 | whitelisted
config.edge.skype.com | 150.171.22.17 | whitelisted
filebin.net | 135.181.128.167 | unknown
api.edgeoffer.microsoft.com | 13.107.246.38, 13.107.213.38 | whitelisted
copilot.microsoft.com | 104.18.22.222, 104.18.23.222 | whitelisted
www.bing.com | 184.86.251.27, 184.86.251.22, 2.16.204.135, 2.16.204.141 | whitelisted
xpaywalletcdn.azureedge.net | 150.171.109.101 | whitelisted
update.googleapis.com | 142.251.13.138, 142.251.13.113, 142.251.13.101, 142.251.13.102, 142.251.13.139, 142.251.13.100 | whitelisted

Threats (PID | Process | Class | Message)

4396 | msedge.exe | Misc activity | ET FILE_SHARING Observed DNS Query to Abused File Sharing Domain in DNS Lookup (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
4396 | msedge.exe | Misc activity | ET FILE_SHARING Observed DNS Query to Abused File Sharing Domain in DNS Lookup (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
4396 | msedge.exe | Misc activity | ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net)
No debug info