File name:

c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a

Full analysis: https://app.any.run/tasks/3627052f-bf4f-4f09-aad1-5f4ae6641da8
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: November 18, 2024, 23:03:10
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
neshta
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

F8BB7ED0E0F407A36DF55C321D59CD1D

SHA1:

0ADFA0A98B8657AD2EE79FE3F95801DD9D258D76

SHA256:

C065588FB4866BF64A51341B8CA959EA533A848742ADC5993332FCD335018E0A

SSDEEP:

3072:SaLP9BpakdRiVj+J6pHdHg7OA57N/ul8DvE572:99fakdRAiiHd25hXI5C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • NESHTA mutex has been found

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)
      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 5828)

    • Executable content was dropped or overwritten

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)
      • WeMod-Setup-638675678089534807.exe (PID: 1576)
      • Update.exe (PID: 6836)

    • Mutex name with non-standard characters

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)

    • Reads Microsoft Outlook installation path

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 5828)

    • Checks Windows Trust Settings

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 5828)

    • Starts a Microsoft application from unusual location

      • FileCoAuth.exe (PID: 6424)

    • Process drops legitimate windows executable

      • Update.exe (PID: 6836)

    • Application launched itself

      • WeMod.exe (PID: 6900)

  • INFO

    • Checks supported languages

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)

    • The process uses the downloaded file

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)

    • Reads the computer name

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)

    • Process checks computer location settings

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)

    • Create files in a temporary directory

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 6668)

    • Checks proxy server information

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 5828)

    • Reads the machine GUID from the registry

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 5828)

    • Reads the software policy settings

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 5828)

    • Creates files or folders in the user directory

      • c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe (PID: 5828)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Borland Delphi 6 (93.8)
.dll | Win32 Dynamic Link Library (generic) (2.3)
.exe | Win32 Executable (generic) (1.6)
.exe | Win16/32 Executable Delphi generic (0.7)
.exe | Generic Win/DOS Executable (0.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 29696
InitializedDataSize: 10752
UninitializedDataSize: -
EntryPoint: 0x80e4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
139
Monitored processes
17
Malicious processes
2
Suspicious processes
2

Behavior graph

Click at the process to see the details
start #NESHTA c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe filecoauth.exe no specs wemod-setup-638675678089534807.exe update.exe squirrel.exe no specs wemod.exe no specs update.exe no specs update.exe no specs wemod.exe no specs wemod.exe no specs wemod.exe no specs wemod.exe no specs update.exe no specs wemodauxiliaryservice.exe no specs wemod.exe no specs wemod.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1576"C:\Users\admin\AppData\Local\Temp\WeMod-Setup-638675678089534807.exe" --silentC:\Users\admin\AppData\Local\Temp\WeMod-Setup-638675678089534807.exe
c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe
User:
admin
Company:
WeMod
Integrity Level:
MEDIUM
Description:
WeMod - Ultimate Gaming Companion
Exit code:
0
Version:
9.14.0
1768"C:\Users\admin\AppData\Local\WeMod\app-9.14.0\Squirrel.exe" --updateSelf=C:\Users\admin\AppData\Local\SquirrelTemp\Update.exeC:\Users\admin\AppData\Local\WeMod\app-9.14.0\squirrel.exeUpdate.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
2416"C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\admin\AppData\Local\WeMod\app-9.14.0\resources\app.asar" --no-sandbox --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2580,i,17438261957261750063,11450398319968145041,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:1C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exeWeMod.exe
User:
admin
Company:
WeMod
Integrity Level:
MEDIUM
Description:
WeMod - Cheats and Mods
Version:
9.14.0
3008"C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\admin\AppData\Local\WeMod\app-9.14.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4008,i,17438261957261750063,11450398319968145041,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3300 /prefetch:1C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exeWeMod.exe
User:
admin
Company:
WeMod
Integrity Level:
LOW
Description:
WeMod - Cheats and Mods
Version:
9.14.0
3676C:\Users\admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exeC:\Users\admin\AppData\Local\WeMod\Update.exeWeMod.exe
User:
admin
Company:
GitHub
Integrity Level:
MEDIUM
Description:
Update
Exit code:
0
Version:
2.0.1.53
4016"C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\admin\AppData\Local\WeMod\app-9.14.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3968,i,17438261957261750063,11450398319968145041,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exeWeMod.exe
User:
admin
Company:
WeMod
Integrity Level:
LOW
Description:
WeMod - Cheats and Mods
Version:
9.14.0
4128"C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exe" --squirrel-install 9.14.0C:\Users\admin\AppData\Local\WeMod\app-9.14.0\WeMod.exeUpdate.exe
User:
admin
Company:
WeMod
Integrity Level:
MEDIUM
Description:
WeMod - Cheats and Mods
Exit code:
0
Version:
9.14.0
5828"C:\Users\admin\AppData\Local\Temp\3582-490\c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe" C:\Users\admin\AppData\Local\Temp\3582-490\c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe
c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe
User:
admin
Company:
WeMod LLC
Integrity Level:
MEDIUM
Description:
WeMod Setup
Exit code:
0
Version:
8.0.0.0
Modules
Images
c:\windows\system32\msiso.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\textshaping.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ws2_32.dll
5948"C:\Users\admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/73592?_inst=aKwjFAuHJ6K3kn4H"C:\Users\admin\AppData\Local\WeMod\Update.exec065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
6268C:\Users\admin\AppData\Local\WeMod\app-9.14.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1731971140114_OutC:\Users\admin\AppData\Local\WeMod\app-9.14.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exeWeMod.exe
User:
admin
Company:
WeMod LLC
Integrity Level:
MEDIUM
Description:
WeMod
Version:
7.2.0.0
Total events
4 565
Read events
4 546
Write events
19
Delete events
0

Modification events

(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com
Operation:writeName:NumberOfSubdomains
Value:
1
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com
Operation:writeName:Total
Value:
35
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(5828) c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
Executable files
34
Suspicious files
131
Text files
35
Unknown types
4

Dropped files

PID
Process
Filename
Type
5828c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\setup[1].htmhtml
MD5:6CA72D97F4F12B742A91355CC6C9F416
SHA256:729C47FB182513A690A01E3012A75DF64D98523BBCF597C2B64FF37F8CC763E0
5828c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\Inter-Thin-0f080c40c6[1].woffbinary
MD5:0F080C40C639962E1CAD093AA58192DC
SHA256:E9DA5A64A6A8EB87A2C6D475327F072B5CA25731DF07119F576C10C50AA9554D
5828c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\Inter-Light-0f0118feb7[1].woffbinary
MD5:0F0118FEB71664927EA7FB8015778795
SHA256:CB671D0DBC9A61EC80BFC91D5879E8635A09B7F309F5EE57810D4C6B7A26EE0C
5828c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Temp\WeMod-Setup-638675678089534807.exe
MD5:
SHA256:
5828c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\Inter-Black-14a450a3d2[1].woffbinary
MD5:14A450A3D2FD191FCEFA23B273BAAF14
SHA256:95201F343A7EC66DBF5F9316A1E1A16AE65BEC02B4243F5B645CC6D484E42267
6668c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Temp\3582-490\c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeexecutable
MD5:B38474365E272510EA8D7CC9D3C52B26
SHA256:3ACAE0DC7FDF6FE579B1C69E97AF7484D361D7D493D1BF12E6CA777980563CDB
5828c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\40MKY5XJ\api.wemod[1].xmltext
MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
5828c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\Inter-SemiBold-1d5bb5c64d[1].woffbinary
MD5:1D5BB5C64DC15405BDB04145DAB7B436
SHA256:807D56B95FCC04CD1C26FCA043DDF19E300C8AE156747458BD025A2B21CF54B4
1576WeMod-Setup-638675678089534807.exeC:\Users\admin\AppData\Local\SquirrelTemp\WeMod-9.14.0-full.nupkg
MD5:
SHA256:
6668c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exeC:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileSyncConfig.exeexecutable
MD5:0C5EC1AE9A301408AF26032B445FBB08
SHA256:3A8010F1E4E028782093877D969EB127B80AE48B7215A8D3F91E8AB9C165AC7A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
48
TCP/UDP connections
31
DNS requests
38
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6944
svchost.exe
GET
200
2.19.126.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
2.19.126.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4292
RUXIMICS.exe
GET
200
2.19.126.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6944
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4292
RUXIMICS.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
104.22.42.75:443
https://api.wemod.com/client/setup?token=aKwjFAuHJ6K3kn4H&lang=en&dpi=96&width=470&height=435&osVersion=10.0.19045.0
unknown
html
25.7 Kb
whitelisted
GET
200
172.67.25.118:443
https://api.wemod.com/static/fonts/inter/Inter-Thin-0f080c40c6.woff
unknown
binary
132 Kb
whitelisted
GET
200
104.22.43.75:443
https://api.wemod.com/static/fonts/inter/Inter-ExtraLight-7d759358c1.woff
unknown
woff
137 Kb
whitelisted
GET
200
172.67.25.118:443
https://api.wemod.com/static/fonts/inter/Inter-Light-0f0118feb7.woff
unknown
woff
137 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
192.168.100.255:138
whitelisted
5828
c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a.exe
104.22.43.75:443
api.wemod.com
CLOUDFLARENET
whitelisted
6944
svchost.exe
2.19.126.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
2.19.126.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4292
RUXIMICS.exe
2.19.126.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5488
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 172.217.18.14
whitelisted
api.wemod.com
  • 104.22.43.75
  • 104.22.42.75
  • 172.67.25.118
whitelisted
crl.microsoft.com
  • 2.19.126.147
  • 2.19.126.133
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
www.google-analytics.com
  • 142.250.181.238
whitelisted
api2.amplitude.com
  • 35.81.72.218
  • 54.201.167.71
  • 44.237.236.31
  • 52.40.12.44
  • 52.37.7.62
  • 35.160.38.12
  • 35.166.53.176
  • 44.238.33.118
  • 52.13.66.185
  • 35.162.110.45
  • 52.39.157.96
  • 35.161.49.132
whitelisted
storage-cdn.wemod.com
  • 104.22.42.75
  • 104.22.43.75
  • 172.67.25.118
whitelisted
self.events.data.microsoft.com
  • 52.168.117.175
whitelisted
www.bing.com
  • 2.23.209.149
  • 2.23.209.182
  • 2.23.209.130
  • 2.23.209.133
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
c065588fb4866bf64a51341b8ca959ea533a848742adc5993332fcd335018e0a