URL:

https://drive.google.com/uc?id=1f8bwkkpXaaWAuAtV-DvvG2neyN9FnSpr&export=download&authuser=0"

Full analysis: https://app.any.run/tasks/bc0053dc-c9a2-439e-a310-4004017711ad
Verdict: Malicious activity
Threats:

A keylogger is a type of spyware that infects a system and has the ability to record every keystroke made on the device. This lets attackers collect personal information of victims, which may include their online banking credentials, as well as personal conversations. The most widespread vector of attack leading to a keylogger infection begins with a phishing email or link. Keylogging is also often present in remote access trojans as part of an extended set of malicious tools.

Malware Trends Tracker     >>>
Analysis date: May 31, 2024, 20:03:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
keylogger
remcos
Indicators:
MD5:

D19ADEC5428A0C9D3FB608A1ABCC9D4D

SHA1:

9B53FF6A408F9259BF436CB27A325738B62C8C53

SHA256:

A54F9313A50B0FEBF50A08B29D7F1392880FFE87D3C38A76006C927D8BFCAB9D

SSDEEP:

3:N8PMMtZJu2NMu+WdkpiX0cUEYI5dglCCEQrNHn:2A2H+WdkpimEYI51HQrNHn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)

    • Drops the executable file immediately after the start

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)

    • REMCOS has been detected (YARA)

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 2660)

    • Executable content was dropped or overwritten

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)

    • Application launched itself

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)

    • Writes files like Keylogger logs

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)

    • Reads the date of Windows installation

      • pwsh.exe (PID: 676)

    • Connects to unusual port

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)

  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 1132)
      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)
      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)
      • pwsh.exe (PID: 676)

    • Checks supported languages

      • wmpnscfg.exe (PID: 1132)
      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)
      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)
      • pwsh.exe (PID: 676)

    • The process uses the downloaded file

      • msedge.exe (PID: 2460)
      • WinRAR.exe (PID: 2660)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1132)
      • explorer.exe (PID: 2936)
      • pwsh.exe (PID: 676)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2660)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2660)

    • Application launched itself

      • msedge.exe (PID: 3964)

    • Reads the machine GUID from the registry

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)

    • Creates files or folders in the user directory

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 1240)

    • Reads product name

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)

    • Reads Environment values

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)

    • Creates files in the program directory

      • Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe (PID: 920)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Remcos

(PID) Process(920) Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe
C2 (1)bart2024.con-ip.com:2026
BotnetBART
Options
Connect_interval1
Install_flagFalse
Install_HKCU\RunTrue
Install_HKLM\RunTrue
Install_HKLM\Explorer\Run1
Install_HKLM\Winlogon\Shell100000
Setup_path%LOCALAPPDATA%
Copy_fileremcos.exe
Startup_valueTrue
Hide_fileFalse
Mutex_namejjrmskiisahncsfrdsa-OBP4DY
Keylog_flag1
Keylog_path%LOCALAPPDATA%
Keylog_fileregistros.dat
Keylog_cryptFalse
Hide_keylogTrue
Screenshot_flagFalse
Screenshot_time5
Take_ScreenshotFalse
Screenshot_path%APPDATA%
Screenshot_fileCapturas de pantalla
Screenshot_cryptFalse
Mouse_optionFalse
Delete_fileFalse
Audio_record_time5
Audio_path%ProgramFiles%
Audio_dirMicRecords
Connect_delay0
Copy_dirRemcos
Keylog_dirmjhfbey
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
70
Monitored processes
29
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe winrar.exe no specs factura g2912 pendiente de pago evite sanciones cancele su deuda.exe #REMCOS factura g2912 pendiente de pago evite sanciones cancele su deuda.exe msedge.exe no specs msedge.exe no specs explorer.exe no specs pwsh.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
316"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1312,i,14398564731448967480,7313321591557018123,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
552"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1312,i,14398564731448967480,7313321591557018123,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
676"C:\Program Files\PowerShell\7\pwsh.exe" -WorkingDirectory ~C:\Program Files\PowerShell\7\pwsh.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
pwsh
Exit code:
3221225786
Version:
7.2.11.500
Modules
Images
c:\program files\powershell\7\pwsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
748"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1268 --field-trial-handle=1312,i,14398564731448967480,7313321591557018123,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
860"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 --field-trial-handle=1312,i,14398564731448967480,7313321591557018123,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
920"C:\Users\admin\AppData\Local\Temp\Rar$EXb2660.16883\Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe"C:\Users\admin\AppData\Local\Temp\Rar$EXb2660.16883\Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe
Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BART2025fd30
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb2660.16883\factura g2912 pendiente de pago evite sanciones cancele su deuda.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Remcos
(PID) Process(920) Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe
C2 (1)bart2024.con-ip.com:2026
BotnetBART
Options
Connect_interval1
Install_flagFalse
Install_HKCU\RunTrue
Install_HKLM\RunTrue
Install_HKLM\Explorer\Run1
Install_HKLM\Winlogon\Shell100000
Setup_path%LOCALAPPDATA%
Copy_fileremcos.exe
Startup_valueTrue
Hide_fileFalse
Mutex_namejjrmskiisahncsfrdsa-OBP4DY
Keylog_flag1
Keylog_path%LOCALAPPDATA%
Keylog_fileregistros.dat
Keylog_cryptFalse
Hide_keylogTrue
Screenshot_flagFalse
Screenshot_time5
Take_ScreenshotFalse
Screenshot_path%APPDATA%
Screenshot_fileCapturas de pantalla
Screenshot_cryptFalse
Mouse_optionFalse
Delete_fileFalse
Audio_record_time5
Audio_path%ProgramFiles%
Audio_dirMicRecords
Connect_delay0
Copy_dirRemcos
Keylog_dirmjhfbey
1064"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1312,i,14398564731448967480,7313321591557018123,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1132"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1212"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3820 --field-trial-handle=1312,i,14398564731448967480,7313321591557018123,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1240"C:\Users\admin\AppData\Local\Temp\Rar$EXb2660.16883\Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXb2660.16883\Factura G2912 Pendiente de pago evite sanciones Cancele su deuda.exe
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BART2025fd30
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb2660.16883\factura g2912 pendiente de pago evite sanciones cancele su deuda.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
22 729
Read events
22 559
Write events
158
Delete events
12

Modification events

(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:dr
Value:
1
(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(3964) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
74FC0CC55B782F00
(PID) Process:(3964) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault
Operation:delete valueName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
(PID) Process:(3964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation:writeName:UsageStatsInSample
Value:
1
Executable files
2
Suspicious files
82
Text files
35
Unknown types
0

Dropped files

PID
Process
Filename
Type
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF103923.TMP
MD5:
SHA256:
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF103952.TMP
MD5:
SHA256:
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF103a3c.TMP
MD5:
SHA256:
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
3988msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pmabinary
MD5:C612E96CBFAC63232FC2062E15600FB1
SHA256:DB3C05D5EC0B6719A73E7F0BE84BCE9342772DA70567E7CE08CF6573480B38FF
3988msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma~RF102f01.TMPbinary
MD5:886E82F2CA62ECCCE64601B30592078A
SHA256:E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:961E3604F228B0D10541EBF921500C86
SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
3964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datbinary
MD5:A6EBC0D32A7B9304824D19DB63B4E37A
SHA256:E991057C2B1718A151C5FD06E1C153F57130D195454A1F94C8C4C20971697093
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
85
DNS requests
35
Threats
1

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
1064
msedge.exe
142.250.181.238:443
drive.google.com
GOOGLE
US
whitelisted
3964
msedge.exe
239.255.255.250:1900
unknown
1064
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1064
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1064
msedge.exe
216.58.206.33:443
drive.usercontent.google.com
GOOGLE
US
unknown
1064
msedge.exe
152.199.21.175:443
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
EDGECAST
DE
whitelisted
3964
msedge.exe
224.0.0.251:5353
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
drive.google.com
  • 142.250.181.238
shared
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
drive.usercontent.google.com
  • 216.58.206.33
unknown
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted
www.bing.com
  • 95.100.146.33
  • 95.100.146.16
  • 95.100.146.11
  • 95.100.146.19
  • 95.100.146.25
  • 95.100.146.27
  • 95.100.146.10
  • 95.100.146.40
  • 95.100.146.17
  • 95.100.146.32
  • 95.100.146.34
  • 95.100.146.35
  • 95.100.146.18
  • 95.100.146.9
whitelisted
bart2024.con-ip.com
  • 177.254.19.227
malicious
self.events.data.microsoft.com
  • 20.44.10.123
whitelisted
aka.ms
  • 104.119.110.121
whitelisted
pscoretestdata.blob.core.windows.net
  • 52.239.160.36
unknown

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO DNS Redirection Service Domain in DNS Lookup (con-ip .com)
Process
Message
pwsh.exe
Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 676. Message ID: [0x2509].
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://drive.google.com/uc?id=1f8bwkkpXaaWAuAtV-DvvG2neyN9FnSpr&export=download&authuser=0"