URL: track.pstmrk.it/3s/secure.concordnow.com/uuid/58f363f594b8418fb0733e28888894ea/Gqhi/6TS9AQ/AQ/6d954f94-d256-4a23-9e12-a6c8e35f9116/1/3vo8UcFOE1

Full analysis: https://app.any.run/tasks/50bc1163-928c-40ad-994c-3c518039717b
Verdict: Malicious activity
Analysis date: May 10, 2025, 02:16:33
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: websocket
MD5: AAADC94B4ECD6CA43BBBC0A761F96A39
SHA1: CF398C6037BA262D1541F1D669774C6E1EC2EC6C
SHA256: A1A216960F83B23076BC9623785B8064D001B4553D0203481059D883CB5F1AFE
SSDEEP: 3:y/3WNdG4dmrI5eyJtdfcsx2crcExhfR+aoWlZun:6QzdNemcgIzaR/un

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO: No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 147
Monitored processes: 0
Malicious processes: 0
Suspicious processes: 0

Behavior graph


Process information

No data
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 165
TCP/UDP connections: 119
DNS requests: 103
Threats: 6

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| | | GET | 302 | 3.130.226.128:443 | https://track.pstmrk.it/3s/secure.concordnow.com/uuid/58f363f594b8418fb0733e28888894ea/Gqhi/6TS9AQ/AQ/6d954f94-d256-4a23-9e12-a6c8e35f9116/1/3vo8UcFOE1 | unknown | | | |
| | | POST | 200 | 20.190.159.0:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted |
| | | GET | 302 | 99.86.4.52:443 | https://secure.concordnow.com/uuid/58f363f594b8418fb0733e28888894ea | unknown | | | |
| | | POST | 400 | 20.190.159.73:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted |
| | | GET | 200 | 99.86.4.25:443 | https://secure.concordnow.com/ | unknown | html | 12.3 Kb | whitelisted |
| 5292 | RUXIMICS.exe | GET | 200 | 23.216.77.18:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted |
| 3080 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.18:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted |
| 5896 | svchost.exe | GET | 200 | 23.216.77.18:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted |
| 5292 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted |
| 3080 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 5292 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| | | 239.255.255.250:1900 | | | | whitelisted |
| 3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 5896 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 204 | svchost.exe | 40.126.31.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 1396 | msedge.exe | 54.155.60.93:443 | track.pstmrk.it | AMAZON-02 | IE | shared |
| 1396 | msedge.exe | 99.86.4.72:443 | secure.concordnow.com | AMAZON-02 | US | whitelisted |
| 5292 | RUXIMICS.exe | 23.216.77.18:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 3080 | MoUsoCoreWorker.exe | 23.216.77.18:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 5896 | svchost.exe | 23.216.77.18:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 51.124.78.146, 40.127.240.158 | whitelisted |
| google.com | 142.250.186.78 | whitelisted |
| login.live.com | 40.126.31.2, 40.126.31.67, 20.190.159.130, 20.190.159.64, 20.190.159.2, 20.190.159.131, 40.126.31.3, 20.190.159.129 | whitelisted |
| track.pstmrk.it | 54.155.60.93, 54.154.85.144, 52.18.252.197 | shared |
| secure.concordnow.com | 99.86.4.72, 99.86.4.52, 99.86.4.116, 99.86.4.25 | whitelisted |
| crl.microsoft.com | 23.216.77.18, 23.216.77.25, 23.216.77.19, 23.216.77.36 | whitelisted |
| www.microsoft.com | 184.30.21.171 | whitelisted |
| go.microsoft.com | 184.30.18.9 | whitelisted |
| www.bing.com | 104.126.37.128, 104.126.37.139, 104.126.37.145, 104.126.37.144, 104.126.37.131, 2.21.239.198, 2.21.239.199 | whitelisted |
| fonts.googleapis.com | 142.250.186.170 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| | | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com) |
| | | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com) |
| | | Not Suspicious Traffic | INFO [ANY.RUN] An application monitoring request to sentry .io |
| | | Not Suspicious Traffic | INFO [ANY.RUN] An application monitoring request to sentry .io |
| | | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com) |
| | | Not Suspicious Traffic | INFO [ANY.RUN] Websocket Upgrade Request |
No debug info