URL:

https://fex.net/s/kfopxys

Full analysis: https://app.any.run/tasks/77c2a810-f299-4bae-9566-1676205f5f7d
Verdict: Malicious activity
Analysis date: May 19, 2025, 16:21:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
python
Indicators:
MD5:

E86BA5B0190B66806FCDE3CA1338F0C8

SHA1:

4D23AEBB60F8D8768470662829F615D6E0CE3C58

SHA256:

92F21B9B24C93876A32AA831EDEF457C94C981879848C6041AC416D4074576B7

SSDEEP:

3:N8DNWn:2DNW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • 2.0C.exe (PID: 9056)
      • 2.0C.exe (PID: 3192)
      • 2.0C.exe (PID: 3888)
      • 2.0C.exe (PID: 8952)
      • 2.0C.exe (PID: 9212)
      • 2.0C.exe (PID: 7148)
      • 2.0C.exe (PID: 5936)
      • 2.0C.exe (PID: 2344)
      • 2.0C.exe (PID: 8352)
      • 2.0C.exe (PID: 8344)
      • 2.0C.exe (PID: 1088)
      • 2.0C.exe (PID: 7820)
      • 2.0C.exe (PID: 8356)
      • 2.0C.exe (PID: 8000)
      • 2.0C.exe (PID: 8452)
      • 2.0C.exe (PID: 2384)
      • 2.0C.exe (PID: 8820)
      • 2.0C.exe (PID: 5956)
      • 2.0C.exe (PID: 8860)
      • 2.0C.exe (PID: 8536)
      • 2.0C.exe (PID: 5416)
      • 2.0C.exe (PID: 8856)
      • 2.0C.exe (PID: 5984)
      • 2.0C.exe (PID: 4652)
      • 2.0C.exe (PID: 7724)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 8592)

    • The process drops C-runtime libraries

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 8592)

    • Executable content was dropped or overwritten

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 8592)

    • Process drops python dynamic module

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 8592)

    • Application launched itself

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 9088)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 1628)
      • 2.0C.exe (PID: 8592)
      • 2.0C.exe (PID: 2552)

    • Loads Python modules

      • 2.0C.exe (PID: 9056)
      • 2.0C.exe (PID: 9088)
      • 2.0C.exe (PID: 1628)
      • 2.0C.exe (PID: 8952)
      • 2.0C.exe (PID: 9212)
      • 2.0C.exe (PID: 3192)
      • 2.0C.exe (PID: 3888)
      • 2.0C.exe (PID: 7148)
      • 2.0C.exe (PID: 5936)
      • 2.0C.exe (PID: 2344)
      • 2.0C.exe (PID: 8352)
      • 2.0C.exe (PID: 7820)
      • 2.0C.exe (PID: 8356)
      • 2.0C.exe (PID: 8000)
      • 2.0C.exe (PID: 8344)
      • 2.0C.exe (PID: 1088)
      • 2.0C.exe (PID: 8452)
      • 2.0C.exe (PID: 2384)
      • 2.0C.exe (PID: 5956)
      • 2.0C.exe (PID: 8860)
      • 2.0C.exe (PID: 8820)
      • 2.0C.exe (PID: 8536)
      • 2.0C.exe (PID: 5416)
      • 2.0C.exe (PID: 7724)
      • 2.0C.exe (PID: 5984)
      • 2.0C.exe (PID: 8856)
      • 2.0C.exe (PID: 6644)
      • 2.0C.exe (PID: 4652)

    • Connects to unusual port

      • 2.0C.exe (PID: 9056)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 616)

    • Reads Environment values

      • identity_helper.exe (PID: 8948)

    • Reads the computer name

      • identity_helper.exe (PID: 8948)
      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 9056)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 8592)

    • Checks supported languages

      • identity_helper.exe (PID: 8948)
      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 9088)
      • 2.0C.exe (PID: 9056)
      • 2.0C.exe (PID: 3192)
      • 2.0C.exe (PID: 3888)
      • 2.0C.exe (PID: 1628)
      • 2.0C.exe (PID: 9212)
      • 2.0C.exe (PID: 8952)
      • 2.0C.exe (PID: 5936)
      • 2.0C.exe (PID: 7148)
      • 2.0C.exe (PID: 2344)
      • 2.0C.exe (PID: 8352)
      • 2.0C.exe (PID: 7820)
      • 2.0C.exe (PID: 8356)
      • 2.0C.exe (PID: 8000)
      • 2.0C.exe (PID: 8344)
      • 2.0C.exe (PID: 1088)
      • 2.0C.exe (PID: 2384)
      • 2.0C.exe (PID: 5956)
      • 2.0C.exe (PID: 8452)
      • 2.0C.exe (PID: 8860)
      • 2.0C.exe (PID: 8856)
      • 2.0C.exe (PID: 8820)
      • 2.0C.exe (PID: 8536)
      • 2.0C.exe (PID: 7724)
      • 2.0C.exe (PID: 4652)
      • 2.0C.exe (PID: 5984)
      • 2.0C.exe (PID: 5416)
      • 2.0C.exe (PID: 6644)
      • 2.0C.exe (PID: 8708)
      • 2.0C.exe (PID: 8592)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 616)

    • Manual execution by a user

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 8592)

    • The sample compiled with english language support

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 8592)

    • Create files in a temporary directory

      • 2.0C.exe (PID: 8876)
      • 2.0C.exe (PID: 9056)
      • 2.0C.exe (PID: 8428)
      • 2.0C.exe (PID: 9088)
      • 2.0C.exe (PID: 3192)
      • 2.0C.exe (PID: 1628)
      • 2.0C.exe (PID: 3888)
      • 2.0C.exe (PID: 8952)
      • 2.0C.exe (PID: 7148)
      • 2.0C.exe (PID: 5936)
      • 2.0C.exe (PID: 2344)
      • 2.0C.exe (PID: 9212)
      • 2.0C.exe (PID: 8344)
      • 2.0C.exe (PID: 1088)
      • 2.0C.exe (PID: 7820)
      • 2.0C.exe (PID: 8356)
      • 2.0C.exe (PID: 8352)
      • 2.0C.exe (PID: 8000)
      • 2.0C.exe (PID: 8452)
      • 2.0C.exe (PID: 8860)
      • 2.0C.exe (PID: 8820)
      • 2.0C.exe (PID: 5956)
      • 2.0C.exe (PID: 2384)
      • 2.0C.exe (PID: 8536)
      • 2.0C.exe (PID: 5416)
      • 2.0C.exe (PID: 8856)
      • 2.0C.exe (PID: 5984)
      • 2.0C.exe (PID: 7724)
      • 2.0C.exe (PID: 4652)
      • 2.0C.exe (PID: 8592)

    • Reads the software policy settings

      • slui.exe (PID: 7880)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
225
Monitored processes
94
Malicious processes
5
Suspicious processes
25

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs 2.0c.exe 2.0c.exe no specs 2.0c.exe svchost.exe msedge.exe no specs msedge.exe no specs 2.0c.exe 2.0c.exe slui.exe no specs 2.0c.exe 2.0c.exe no specs 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe msedge.exe no specs 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe 2.0c.exe no specs 2.0c.exe no specs msedge.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs 2.0c.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
496"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x284,0x310,0x7ffc87fc5fd8,0x7ffc87fc5fe4,0x7ffc87fc5ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
516"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7276 --field-trial-handle=2220,i,8162630635016856780,18310247289184075027,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
616"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://fex.net/s/kfopxys"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1088C:\Users\admin\Desktop\2.0C.exe --runC:\Users\admin\Desktop\2.0C.exe
2.0C.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\2.0c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1628"C:\Users\admin\Desktop\2.0C.exe" C:\Users\admin\Desktop\2.0C.exe2.0C.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\2.0c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1672"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5992 --field-trial-handle=2220,i,8162630635016856780,18310247289184075027,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1764C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2344C:\Users\admin\Desktop\2.0C.exe --runC:\Users\admin\Desktop\2.0C.exe
2.0C.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\2.0c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2384C:\Users\admin\Desktop\2.0C.exe --runC:\Users\admin\Desktop\2.0C.exe
2.0C.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\2.0c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
13 598
Read events
13 525
Write events
73
Delete events
0

Modification events

(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(616) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
FF3E42CF15942F00
(PID) Process:(616) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
AD7852CF15942F00
(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262988
Operation:writeName:WindowTabManagerFileMappingId
Value:
{E446E841-7737-420D-A30B-32E27CD489F1}
(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262988
Operation:writeName:WindowTabManagerFileMappingId
Value:
{48913D2D-6139-4149-852D-042275D03ADC}
(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262988
Operation:writeName:WindowTabManagerFileMappingId
Value:
{55973EE1-67E1-44A2-BB4E-62B4BC957037}
(PID) Process:(616) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262988
Operation:writeName:WindowTabManagerFileMappingId
Value:
{4A5418BC-4A27-41F4-AFC7-2E18392EEA5D}
Executable files
129
Suspicious files
188
Text files
133
Unknown types
2

Dropped files

PID
Process
Filename
Type
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10c035.TMP
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10c044.TMP
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10c044.TMP
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10c035.TMP
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10c054.TMP
MD5:
SHA256:
616msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
127
DNS requests
125
Threats
19

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.216.77.20:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1180
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1180
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
9120
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a575cead-e662-4f4d-b0c3-81f1438d0388?P1=1747700363&P2=404&P3=2&P4=HSXzzTFdS%2fiDUHeIr17TxL%2burF8Ykq2zYyUWQOVoyeem8HaNHaHagyzXICXceIQIQ22m8JO%2bmsv0MVpabMFrSg%3d%3d
unknown
whitelisted
9120
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a575cead-e662-4f4d-b0c3-81f1438d0388?P1=1747700363&P2=404&P3=2&P4=HSXzzTFdS%2fiDUHeIr17TxL%2burF8Ykq2zYyUWQOVoyeem8HaNHaHagyzXICXceIQIQ22m8JO%2bmsv0MVpabMFrSg%3d%3d
unknown
whitelisted
9120
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a575cead-e662-4f4d-b0c3-81f1438d0388?P1=1747700363&P2=404&P3=2&P4=HSXzzTFdS%2fiDUHeIr17TxL%2burF8Ykq2zYyUWQOVoyeem8HaNHaHagyzXICXceIQIQ22m8JO%2bmsv0MVpabMFrSg%3d%3d
unknown
whitelisted
9120
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a575cead-e662-4f4d-b0c3-81f1438d0388?P1=1747700363&P2=404&P3=2&P4=HSXzzTFdS%2fiDUHeIr17TxL%2burF8Ykq2zYyUWQOVoyeem8HaNHaHagyzXICXceIQIQ22m8JO%2bmsv0MVpabMFrSg%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
23.216.77.20:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7292
msedge.exe
104.21.90.161:443
fex.net
whitelisted
7292
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
616
msedge.exe
239.255.255.250:1900
whitelisted
7292
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7292
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.206
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.216.77.20
  • 23.216.77.37
  • 23.216.77.22
  • 23.216.77.19
  • 23.216.77.28
  • 23.216.77.18
  • 23.216.77.15
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
fex.net
  • 104.21.90.161
  • 172.67.202.114
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
www.bing.com
  • 2.23.227.208
  • 2.23.227.215
whitelisted

Threats

PID
Process
Class
Message
7292
msedge.exe
Misc activity
ET FILE_SHARING Commonly Abused File Sharing Site Domain Observed (fex .net in DNS Lookup)
7292
msedge.exe
Misc activity
ET FILE_SHARING Commonly Abused File Sharing Site Domain Observed (fex .net in DNS Lookup)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7292
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://fex.net/s/kfopxys