URL:

https://www.entrust.com/support/instant-id-card-issuance-systems/ds3-direct-to-card-printer-support#download

Full analysis: https://app.any.run/tasks/0b8734d9-9c36-4150-bb03-7fd880b89bde
Verdict: Malicious activity
Analysis date: January 15, 2026, 05:44:15
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
websocket
lua
qrcode
Indicators:
MD5:

9549401633B9235B942BA82AC9380504

SHA1:

110D1E5AF7CB275B74F462793B44C02DE7198EB0

SHA256:

BB11CBD7EE07BE9636560E7EAC5D9F82FAF63F257078F1631A19A1FE36E5F644

SSDEEP:

3:N8DSLYLlViKmRyAkcHlgI+9McIW5G8S/:2OLYLPirkAVHlW9zr5A/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for the user's acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Starts NET.EXE for service management

      • cmd.exe (PID: 948)
      • net.exe (PID: 7360)
      • net.exe (PID: 3276)
      • cmd.exe (PID: 1700)
      • net.exe (PID: 3436)
      • cmd.exe (PID: 8384)
      • cmd.exe (PID: 7768)
      • net.exe (PID: 7404)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • pnputil.exe (PID: 8436)
      • spoolsv.exe (PID: 7644)
    • Drops a system driver (possible attempt to evade defenses)

      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • pnputil.exe (PID: 8436)
      • drvinst.exe (PID: 6556)
    • Starts CMD.EXE for commands execution

      • dxp01install.exe (PID: 5628)
      • dxp01uninst.exe (PID: 8228)
      • dxp01USBPrinterStatus.exe (PID: 4028)
    • Uses RUNDLL32.EXE to load library

      • dxp01install.exe (PID: 5628)
      • cmd.exe (PID: 8508)
    • There is functionality for taking screenshot (YARA)

      • autorun.exe (PID: 816)
    • Executes as Windows Service

      • dxp01XPSWinService.exe (PID: 8460)
      • spoolsv.exe (PID: 7644)
      • spoolsv.exe (PID: 4636)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 2832)
      • cmd.exe (PID: 8868)
      • cmd.exe (PID: 6296)
      • cmd.exe (PID: 8424)
    • Executes application which crashes

      • dxp01USBPrinterStatus.exe (PID: 4028)
    • Stops a currently running service

      • sc.exe (PID: 8592)
      • sc.exe (PID: 8556)
    • Windows service management via SC.EXE

      • sc.exe (PID: 3044)
      • sc.exe (PID: 9176)
  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 8880)
    • Reads the computer name

      • identity_helper.exe (PID: 8880)
      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • drvinst.exe (PID: 9120)
      • dxp01ClientNotify.exe (PID: 8956)
      • autorun.exe (PID: 816)
      • dxp01install.exe (PID: 5628)
      • dxp01XPSWinService.exe (PID: 4288)
      • drvinst.exe (PID: 6556)
      • dxp01ClientNotify.exe (PID: 8976)
      • dxp01XPSWinService.exe (PID: 8460)
      • TextInputHost.exe (PID: 5728)
      • dxp01uninst.exe (PID: 8228)
      • dxp01USBPrinterStatus.exe (PID: 4028)
      • dxp01XPSWinService.exe (PID: 8232)
      • drvinst.exe (PID: 4920)
      • drvinst.exe (PID: 5628)
      • drvinst.exe (PID: 6996)
      • dxp01ClientNotify.exe (PID: 7028)
    • Checks supported languages

      • identity_helper.exe (PID: 8880)
      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • autorun.exe (PID: 816)
      • dxp01install.exe (PID: 5628)
      • dxp01ClientNotify.exe (PID: 8956)
      • drvinst.exe (PID: 9120)
      • dxp01ClientNotify.exe (PID: 8976)
      • dxp01XPSWinService.exe (PID: 4288)
      • dxp01XPSWinService.exe (PID: 8460)
      • drvinst.exe (PID: 6556)
      • dxp01uninst.exe (PID: 8228)
      • drvinst.exe (PID: 6996)
      • dxp01USBPrinterStatus.exe (PID: 4028)
      • TextInputHost.exe (PID: 5728)
      • drvinst.exe (PID: 4920)
      • drvinst.exe (PID: 5628)
      • dxp01XPSWinService.exe (PID: 8232)
      • dxp01ClientNotify.exe (PID: 7028)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7860)
      • msedge.exe (PID: 7528)
    • Create files in a temporary directory

      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • autorun.exe (PID: 816)
      • pnputil.exe (PID: 8436)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7528)
    • Application launched itself

      • msedge.exe (PID: 7528)
    • The sample compiled with English language support

      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • drvinst.exe (PID: 9120)
      • pnputil.exe (PID: 8436)
      • drvinst.exe (PID: 6556)
      • spoolsv.exe (PID: 7644)
      • drvinst.exe (PID: 4920)
    • The sample compiled with Chinese language support

      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • drvinst.exe (PID: 9120)
      • spoolsv.exe (PID: 7644)
      • drvinst.exe (PID: 4920)
    • The sample compiled with Japanese language support

      • XPSCardPrinter_8.7.12.0.exe (PID: 8732)
      • drvinst.exe (PID: 9120)
      • spoolsv.exe (PID: 7644)
      • drvinst.exe (PID: 4920)
    • Creates files in the program directory

      • dxp01install.exe (PID: 5628)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 9120)
      • drvinst.exe (PID: 6556)
      • drvinst.exe (PID: 4920)
    • The process uses Lua

      • autorun.exe (PID: 816)
    • Manual execution by a user

      • dxp01uninst.exe (PID: 8228)
      • dxp01uninst.exe (PID: 8556)
    • Creates files in the driver directory

      • spoolsv.exe (PID: 7644)
    • Checks proxy server information

      • slui.exe (PID: 8516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
285
Monitored processes
128
Malicious processes
1
Suspicious processes
6

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs xpscardprinter_8.7.12.0.exe no specs xpscardprinter_8.7.12.0.exe autorun.exe no specs dxp01install.exe no specs drvinst.exe no specs dxp01clientnotify.exe no specs cmd.exe no specs conhost.exe no specs pnputil.exe drvinst.exe no specs cmd.exe no specs conhost.exe no specs rundll32.exe no specs slui.exe dxp01clientnotify.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs dxp01xpswinservice.exe no specs dxp01xpswinservice.exe no specs dxp01usbprinterstatus.exe unsecapp.exe no specs conhost.exe no specs cmd.exe no specs pnputil.exe no specs conhost.exe no specs cmd.exe no specs pnputil.exe no specs msedge.exe no specs msedge.exe no specs textinputhost.exe no specs dxp01uninst.exe no specs dxp01uninst.exe conhost.exe no specs cmd.exe no specs pnputil.exe no specs conhost.exe no specs cmd.exe no specs pnputil.exe no specs cmd.exe no specs conhost.exe no specs net.exe no specs net1.exe no specs conhost.exe no specs cmd.exe no specs pnputil.exe no specs conhost.exe no specs cmd.exe no specs pnputil.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs net.exe no specs net1.exe no specs spoolsv.exe conhost.exe no specs cmd.exe no specs pnputil.exe no specs cmd.exe no specs conhost.exe no specs pnputil.exe no specs drvinst.exe no specs cmd.exe no specs conhost.exe no specs pnputil.exe no specs drvinst.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs dxp01xpswinservice.exe no specs cmd.exe no specs pnputil.exe no specs conhost.exe no specs cmd.exe no specs pnputil.exe no specs werfault.exe drvinst.exe no specs cmd.exe no specs conhost.exe no specs sc.exe no specs cmd.exe no specs conhost.exe no specs sc.exe no specs cmd.exe no specs conhost.exe no specs sc.exe no specs cmd.exe no specs conhost.exe no specs sc.exe no specs dxp01clientnotify.exe no specs cmd.exe no specs conhost.exe no specs net.exe no specs net1.exe no specs cmd.exe no specs conhost.exe no specs net.exe no specs net1.exe no specs spoolsv.exe no specs msedge.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 816
CMD: .\autorun.exe
Path: C:\Users\admin\AppData\Local\Temp\7zS691C.tmp\autorun.exe
Parent process: XPSCardPrinter_8.7.12.0.exe
User:
admin
Integrity Level:
HIGH
Description:
XPS Card Printer Installer
Exit code:
0
Version:
8.5.0.0
Modules
Images
c:\users\admin\appdata\local\temp\7zs691c.tmp\autorun.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 948
CMD: pnputil.exe /enum-devices /problem /ids
Path: C:\Windows\System32\pnputil.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft PnP Utility - Tool to add, delete, export, and enumerate driver packages.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\pnputil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\devobj.dll
PID: 948
CMD: C:\WINDOWS\system32\cmd.exe /C net stop spooler /y
Path: C:\Windows\System32\cmd.exe
Parent process: dxp01uninst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1156
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6892,i,17623954661389352452,14949244328686339081,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1176
CMD: pnputil.exe /enum-devices /problem /ids
Path: C:\Windows\System32\pnputil.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft PnP Utility - Tool to add, delete, export, and enumerate driver packages.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\pnputil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sechost.dll
PID: 1700
CMD: C:\WINDOWS\system32\cmd.exe /C net start spooler /y
Path: C:\Windows\System32\cmd.exe
Parent process: dxp01uninst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1792
CMD: C:\WINDOWS\system32\cmd.exe /C C:\WINDOWS\system32\spool\DRIVERS\x64\3\dxp01XPSWinService.exe -i
Path: C:\Windows\System32\cmd.exe
Parent process: dxp01install.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1836
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8000,i,17623954661389352452,14949244328686339081,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2292
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2372
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: dxp01USBPrinterStatus.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
37 186
Read events
36 937
Write events
240
Delete events
9

Modification events

(PID) Process: (816) autorun.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation: write
Name: Speaker Configuration
Value:
4

(PID) Process: (816) autorun.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
Operation: write
Name: Mag Track 1 XPS Card Printer
Value:
C:\Windows\Fonts\DXP01_T1.ttf

(PID) Process: (816) autorun.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
Operation: write
Name: Mag Track 2 XPS Card Printer
Value:
C:\Windows\Fonts\DXP01_T2.ttf

(PID) Process: (816) autorun.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
Operation: write
Name: Mag Track JIS XPS Card Printer
Value:
C:\Windows\Fonts\DXP01_JIS.ttf

(PID) Process: (816) autorun.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
Operation: write
Name: Mag Track 3 XPS Card Printer
Value:
C:\Windows\Fonts\DXP01_T3.ttf

(PID) Process: (8556) rundll32.exe
Key: HKEY_CURRENT_USER\Printers\Settings\Wizard
Operation: write
Name: Default Attributes
Value:
512

(PID) Process: (8296) rundll32.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {675F097E-4C4D-11D0-B6C1-0800091AA605} {000214E9-0000-0000-C000-000000000046} 0xFFFF
Value:
010000000000000025E8A422E285DC01

(PID) Process: (8296) rundll32.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {F37C5810-4D3F-11D0-B4BF-00AA00BBB723} {000214E9-0000-0000-C000-000000000046} 0xFFFF
Value:
01000000000000004DF9A522E285DC01

(PID) Process: (8228) dxp01uninst.exe
Key: HKEY_CURRENT_USER\Printers\DevModes2
Operation: delete value
Name: XPS Card Printer
Value:

(PID) Process: (7644) spoolsv.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print
Operation: write
Name: BeepEnabled
Value:
0
Executable files
312
Suspicious files
745
Text files
372
Unknown types
3

Dropped files

PID
Process
Filename
Type
PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFfdcda.TMP
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFfdcda.TMP
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFfdcda.TMP
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFfdce9.TMP
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFfdce9.TMP
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFfdce9.TMP
MD5:
SHA256:

PID: 7528
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
743
TCP/UDP connections
145
DNS requests
139
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7860
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=65&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0
US
text
892 b
whitelisted
7860
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
446 b
whitelisted
7860
msedge.exe
GET
200
104.18.22.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
7860
msedge.exe
GET
200
104.18.38.200:443
https://www.entrust.com/sites/default/files/css/css_QROiP0hv37Zj6uLd_1o0vDfAxPbKU6rKNvbm9ynpYZw.css?delta=2&language=en&theme=notech_subtheme&include=eJyNVNuWqyAM_SHRT3IhpMoUiZOEdvz7E2ztjNiudV687J1ALjux3gvatHb2-dFeCJM0lhmkD-kLnCB1jrm1zgFzGEIMsvYOI5I-k5Dl_7C_PKwZkvQCP9LHkK7v3IaYoR_Jrj0rGDD1w9g4JOg85cXG1n7Zn2a0t2C5X-wIQw7RA3VnqN2O50dKkPzuxTEoG-366_UHOnkpiln6_R6ZCEDT3-M78Xd8w_rADm9Aa4epeDcz-GA7hHkA32p1ZisC1CQUcFOnxUPy6m-GiO76gr03gkb79EJIgotgAqPgAjusXqN5cgdswhlMqZG5BbjvlLMxGg1TGdJP-3O89kWz2OQt-ZpWRB-YGWJFoYcaKVWV9-CHQzhs0ZoFvVO18QeaYEH6yN60w1iRHl2ey8UxDGRp3Sqzk4pTZjFjxMFGw2DJTS_yVtwO5gXhc20vMSzGnYq2nyqrTsJ4RB9y7ItuNLq8kxMQHg_ZkId2K6Jobbu1yjjMJb67ebX0wF4T3iN4tRgsw3u0KsRD38Y8ZV2h-7CYfRxqfhuWE4vj-7S2oXkHvRdOyjpdxMZhVn1VZ22NkiC_A6Lil6Rmf7v6lFzlSrrZVG4RSj2qMVsIfXayT2TtiXPVw--s7w8JEIxlByh-LJDej5l0v37w45UFZjNrmCXLAydgZ9U7i8quYnDR1ZK0WA7m04xm2Ta5-aPInvMgk9p21X_L15BaDxebozRlqehGXybed_gv0ua05EHDmcA3j7C7orJ_hUaMvw
US
text
813 b
unknown
7860
msedge.exe
GET
200
104.18.38.200:443
https://www.entrust.com/themes/custom/notech/assets/fonts/figtree/Figtree-Medium.woff2
US
binary
22.8 Kb
unknown
7860
msedge.exe
GET
200
104.18.38.200:443
https://www.entrust.com/sites/default/files/css/css_5egh1VEZ2UqYsDPCE69HK5QT07WpdZncwD3HYECHzpE.css?delta=1&language=en&theme=notech_subtheme&include=eJyNVNuWqyAM_SHRT3IhpMoUiZOEdvz7E2ztjNiudV687J1ALjux3gvatHb2-dFeCJM0lhmkD-kLnCB1jrm1zgFzGEIMsvYOI5I-k5Dl_7C_PKwZkvQCP9LHkK7v3IaYoR_Jrj0rGDD1w9g4JOg85cXG1n7Zn2a0t2C5X-wIQw7RA3VnqN2O50dKkPzuxTEoG-366_UHOnkpiln6_R6ZCEDT3-M78Xd8w_rADm9Aa4epeDcz-GA7hHkA32p1ZisC1CQUcFOnxUPy6m-GiO76gr03gkb79EJIgotgAqPgAjusXqN5cgdswhlMqZG5BbjvlLMxGg1TGdJP-3O89kWz2OQt-ZpWRB-YGWJFoYcaKVWV9-CHQzhs0ZoFvVO18QeaYEH6yN60w1iRHl2ey8UxDGRp3Sqzk4pTZjFjxMFGw2DJTS_yVtwO5gXhc20vMSzGnYq2nyqrTsJ4RB9y7ItuNLq8kxMQHg_ZkId2K6Jobbu1yjjMJb67ebX0wF4T3iN4tRgsw3u0KsRD38Y8ZV2h-7CYfRxqfhuWE4vj-7S2oXkHvRdOyjpdxMZhVn1VZ22NkiC_A6Lil6Rmf7v6lFzlSrrZVG4RSj2qMVsIfXayT2TtiXPVw--s7w8JEIxlByh-LJDej5l0v37w45UFZjNrmCXLAydgZ9U7i8quYnDR1ZK0WA7m04xm2Ta5-aPInvMgk9p21X_L15BaDxebozRlqehGXybed_gv0ua05EHDmcA3j7C7orJ_hUaMvw
US
text
128 Kb
unknown
7860
msedge.exe
GET
200
104.18.38.200:443
https://www.entrust.com/themes/custom/notech/assets/fonts/figtree/Figtree-SemiBold.woff2
US
binary
22.9 Kb
unknown
7860
msedge.exe
GET
200
104.18.38.200:443
https://www.entrust.com/sites/default/files/js/js_LCqb0nfSsUc9XOR4OzLeS4tcB0SydPn2GayYmRzYAtQ.js?scope=header&delta=0&language=en&theme=notech_subtheme&include=eJx1lOt6gyAMhm9o1EvqEyFVViCOBDvvfqGrbqL9Y_X9kkBOBeeEIC0dvF4ut0xJPgaYPfB1ggH74oPD3B3RBZhR-NcFk1u9OHhVAyx_Xv_Q0YtoCHgVGLpBH-33BT7hew_jRyJBO3ZgLWXnKZk-kL1v2DkjZDSdjWTxNqDxTEITrli9BvPSdmykiKamamaPj1WyEIKhIqpkfYXv_bGbzALJQXatrEQfVBhDI5HDltTiyDl8E4T987ZmImeBhd_IGSfKb9VZG0WN6MiWWA8Ovs-Ql2dlVlF5LixmCNRDMIyQ7biJc3XbmVfCx9regp-MPRRtjSpL8GlY6YiZ9nZP8jtljUCzohq4ScrHeoWH2bq2U--JHgGdWvTAeE6bXHW6axhDCS2FlsqYsXJ1sqITe9AfdKbScJ5WROfhDJ3PRiqxx8zGUtERamI9eyFe_nZA51uSmv1v3GuqGteMzDpRAWs9mk2aMrliZV261pNi08Ovor9vEsg41DVXvi-Qnk8lW-Q3frywYDRRr1mz3GmCEHWkWXSyGoUm_fdIWiyL8bCGRXzwsmjQVF7syqWXUW275vvCd58uDm9QgvwAe5UUqA
US
text
128 Kb
unknown
7860
msedge.exe
GET
200
104.18.38.200:443
https://www.entrust.com/themes/custom/notech/assets/fonts/figtree/Figtree-Bold.woff2
US
binary
23.0 Kb
unknown
7860
msedge.exe
GET
200
104.18.38.200:443
https://www.entrust.com/themes/custom/notech/assets/css/font-awesome/webfonts/fa-solid-900.woff2
US
binary
128 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1176
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
6768
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4684
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7860
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7860
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7860
msedge.exe
34.107.218.251:443
dev.visualwebsiteoptimizer.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
7860
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7860
msedge.exe
104.18.38.200:443
www.entrust.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 142.251.140.174
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
www.entrust.com
  • 104.18.38.200
  • 172.64.149.56
unknown
copilot.microsoft.com
  • 104.18.22.222
  • 104.18.23.222
whitelisted
www.bing.com
  • 2.16.204.132
  • 2.16.204.160
  • 2.16.204.161
  • 2.16.204.138
  • 2.16.204.136
  • 2.16.204.135
  • 2.16.204.137
  • 2.16.204.159
  • 2.16.204.139
  • 2.16.204.156
  • 2.16.204.153
  • 2.16.204.134
  • 2.16.204.151
  • 2.16.204.155
whitelisted
cmp.osano.com
  • 18.245.31.78
  • 18.245.31.100
  • 18.245.31.35
  • 18.245.31.112
whitelisted
dev.visualwebsiteoptimizer.com
  • 34.107.218.251
whitelisted
static.addtoany.com
  • 104.20.20.192
  • 172.66.171.172
whitelisted

Threats

PID
Process
Class
Message
7860
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7860
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7860
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Websocket Upgrade Request
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Potentially Bad Traffic
ET INFO PE EXE or DLL Windows file download HTTP
Potentially Bad Traffic
ET INFO Executable served from Amazon S3
No debug info