File name: _igetintopc.com_Maxon_App_2.1.0.exe

Full analysis: https://app.any.run/tasks/3123b7a5-a365-409a-94ed-d8989d47672b
Verdict: Malicious activity
Analysis date: October 08, 2024, 07:12:21
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec, arch-doc
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7569769DBF6FE05C8D9527B042E7DA34
SHA1: 7D9FCD030E47DF7BFFBBFAEEA5316C389E2B3354
SHA256: C43FB86178186A2F9EE0ADB7F8860DC2718A21DE3E133923E3B96DA574A98823
SSDEEP: 393216:5f8frSEyy2uxJ5AkMGHJkwmQH0+UtDmoHkH6:5f8DSEyy2wT3BmgUtSoHka

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
    • Executable content was dropped or overwritten

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6928)
      • MicrosoftEdgeUpdateSetup.exe (PID: 3836)
      • VC_redist.x64.19.exe (PID: 4892)
      • vcredist_x64.12.exe (PID: 5532)
      • VC_redist.x64.19.exe (PID: 6364)
    • Process drops legitimate windows executable

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
      • MicrosoftEdgeUpdateSetup.exe (PID: 3836)
      • MicrosoftEdgeUpdate.exe (PID: 1988)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6928)
      • vcredist_x64.12.exe (PID: 5532)
      • VC_redist.x64.19.exe (PID: 6364)
    • The process drops C-runtime libraries

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
    • Uses ICACLS.EXE to modify access control lists

      • cmd.exe (PID: 2324)
      • cmd.exe (PID: 5136)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 2324)
      • cmd.exe (PID: 5136)
      • cmd.exe (PID: 3508)
      • cmd.exe (PID: 7132)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 5136)
      • cmd.exe (PID: 2324)
    • Starts NET.EXE to display or manage information about active sessions

      • cmd.exe (PID: 3508)
      • net.exe (PID: 2264)
      • cmd.exe (PID: 7132)
      • net.exe (PID: 5300)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 5276)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 6928)
      • MicrosoftEdgeUpdate.exe (PID: 2824)
      • MicrosoftEdgeUpdateSetup.exe (PID: 3836)
      • MicrosoftEdgeUpdate.exe (PID: 1988)
      • vcredist_x64.12.exe (PID: 5532)
      • VC_redist.x64.19.exe (PID: 6364)
      • VC_redist.x64.19.exe (PID: 4892)
  • INFO

    • Create files in a temporary directory

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
      • Maxon App Installer.exe (PID: 6172)
    • Checks supported languages

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
      • Maxon App Installer.exe (PID: 6172)
      • rguninstaller.exe (PID: 1220)
      • mxredirect.exe (PID: 6460)
    • Reads the computer name

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
      • Maxon App Installer.exe (PID: 6172)
      • mxredirect.exe (PID: 6460)
    • Process checks computer location settings

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
    • Manual execution by a user

      • rguninstaller.exe (PID: 1696)
      • OpenWith.exe (PID: 1984)
      • rguninstaller.exe (PID: 1220)
      • mxredirect.exe (PID: 6460)
      • cmd.exe (PID: 2324)
      • cmd.exe (PID: 5136)
      • cmd.exe (PID: 3508)
      • OpenWith.exe (PID: 5996)
      • cmd.exe (PID: 5276)
      • notepad.exe (PID: 6044)
      • MxNotify.exe (PID: 5056)
      • SerialFiller.exe (PID: 3272)
      • cmd.exe (PID: 7032)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6928)
      • rgdeploy.exe (PID: 2868)
      • rga-uninstaller-helper.exe (PID: 6764)
      • cmd.exe (PID: 7132)
      • rga-uninstaller-helper.exe (PID: 2264)
      • vcredist_x64.12.exe (PID: 5532)
      • cmd.exe (PID: 3852)
      • VC_redist.x64.19.exe (PID: 6364)
      • notepad.exe (PID: 4120)
      • cmd.exe (PID: 6336)
    • Creates files in the program directory

      • Maxon App Installer.exe (PID: 6172)
      • mxredirect.exe (PID: 6460)
    • The process uses the downloaded file

      • _igetintopc.com_Maxon_App_2.1.0.exe (PID: 1884)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 1984)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:05:06 07:00:00+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 105472
InitializedDataSize: 96768
UninitializedDataSize: -
EntryPoint: 0x19502
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Maxon Application Installer
FileDescription: Maxon Self-Extracting Installer
FileVersion: 1.0.0.0
InternalName: -
LegalCopyright: Copyright (c) 2021 Maxon Computer GmbH
OriginalFileName: -
ProductName: Maxon Installer
ProductVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes: 194
Monitored processes: 77
Malicious processes: 5
Suspicious processes: 3

Behavior graph

Graph nodes in display order (entries marked "no specs" carry that label in the report):
start, _igetintopc.com_maxon_app_2.1.0.exe, maxon app installer.exe (no specs), rguninstaller.exe (no specs), rguninstaller.exe, conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), mxredirect.exe (no specs), openwith.exe (no specs), conhost.exe (no specs), icacls.exe (no specs), sc.exe (no specs), timeout.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), icacls.exe (no specs), icacls.exe (no specs), sc.exe (no specs), timeout.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), net.exe (no specs), net1.exe (no specs), timeout.exe (no specs), sc.exe (no specs), timeout.exe (no specs), serialfiller.exe (no specs), sc.exe (no specs), timeout.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), taskkill.exe (no specs), sc.exe (no specs), timeout.exe (no specs), explorer.exe (no specs), notepad.exe (no specs), sc.exe (no specs), timeout.exe (no specs), explorer.exe (no specs), mxnotify.exe (no specs), sc.exe (no specs), timeout.exe (no specs), openwith.exe (no specs), sc.exe (no specs), sc.exe (no specs), timeout.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), microsoftedgewebview2setup.exe, cmd.exe (no specs), conhost.exe (no specs), net.exe (no specs), net1.exe (no specs), timeout.exe (no specs), microsoftedgeupdate.exe (no specs), sc.exe (no specs), timeout.exe (no specs), rgdeploy.exe (no specs), conhost.exe (no specs), microsoftedgeupdatesetup.exe, rga-uninstaller-helper.exe (no specs), microsoftedgeupdate.exe, rga-uninstaller-helper.exe, conhost.exe (no specs), notepad.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), sc.exe (no specs), timeout.exe (no specs), sc.exe (no specs), timeout.exe (no specs), vcredist_x64.12.exe, cmd.exe (no specs), conhost.exe (no specs), vc_redist.x64.19.exe, vc_redist.x64.19.exe, _igetintopc.com_maxon_app_2.1.0.exe (no specs)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID 400 | CMD: timeout /T 5 /NOBREAK | Path: C:\Windows\System32\timeout.exe | Parent process: cmd.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID 796 | CMD: timeout /T 5 /NOBREAK | Path: C:\Windows\System32\timeout.exe | Parent process: cmd.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID 884 | CMD: timeout /T 2 /NOBREAK | Path: C:\Windows\System32\timeout.exe | Parent process: cmd.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID 1076 | CMD: "C:\WINDOWS\system32\sc.exe" delete "mxredirect" | Path: C:\Windows\System32\sc.exe | Parent process: cmd.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Service Control Manager Configuration Tool
Exit code: 1060 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID 1080 | CMD: timeout /T 2 /NOBREAK | Path: C:\Windows\System32\timeout.exe | Parent process: cmd.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID 1220 | CMD: "C:\Users\admin\Desktop\rguninstaller.exe" | Path: C:\Users\admin\Desktop\rguninstaller.exe | Parent process: explorer.exe
User: admin | Integrity Level: HIGH
Exit code: 4294967295
Modules (images):
c:\users\admin\desktop\rguninstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID 1232 | CMD: timeout /T 10 /NOBREAK | Path: C:\Windows\System32\timeout.exe | Parent process: cmd.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID 1344 | CMD: "C:\WINDOWS\system32\sc.exe" create "Red Giant Service" binpath= "C:\Program Files\Red Giant\Services\Red Giant Service.exe" start= auto obj= "NT AUTHORITY\Localservice" | Path: C:\Windows\System32\sc.exe | Parent process: cmd.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Service Control Manager Configuration Tool
Exit code: 5 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID 1696 | CMD: "C:\Users\admin\Desktop\rguninstaller.exe" | Path: C:\Users\admin\Desktop\rguninstaller.exe | Parent process: explorer.exe
User: admin | Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
c:\users\admin\desktop\rguninstaller.exe
c:\windows\system32\ntdll.dll
PID 1884 | CMD: "C:\Users\admin\Desktop\_igetintopc.com_Maxon_App_2.1.0.exe" | Path: C:\Users\admin\Desktop\_igetintopc.com_Maxon_App_2.1.0.exe | Parent process: explorer.exe
User: admin | Company: Maxon Application Installer | Integrity Level: HIGH
Description: Maxon Self-Extracting Installer
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\_igetintopc.com_maxon_app_2.1.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
Total events: 18 222
Read events: 18 196
Write events: 25
Delete events: 1

Modification events

Process: explorer.exe (PID 6696) | Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | Operation: write | Name: NodeSlots
Value: (long binary value, not reproduced here)
Process: explorer.exe (PID 6696) | Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | Operation: write | Name: MRUListEx
Value: 040000000E00000010000000030000000F000000000000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
Process: explorer.exe (PID 6696) | Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 | Operation: write | Name: MRUListEx
Value: 040000000000000005000000020000000100000003000000FFFFFFFF
Process: explorer.exe (PID 6696) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar | Operation: write | Name: Locked
Value: 1
Process: explorer.exe (PID 6696) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ribbon | Operation: write | Name: MinimizedStateTabletModeOff
Value: 0
Process: explorer.exe (PID 6696) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ribbon | Operation: write | Name: QatItems
Value: (not present on the page)
Process: explorer.exe (PID 6696) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | Operation: write | Name: ITBar7Layout
Value: (long binary value, not reproduced here)
Process: explorer.exe (PID 6696) | Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\119\Shell | Operation: write | Name: SniffedFolderType
Value: Documents
Process: explorer.exe (PID 6696) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | Operation: write | Name: GlobalAssocChangedCounter
Value: 95
Process: MicrosoftEdgeUpdate.exe (PID 1988) | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | Operation: write | Name: DisableExceptionChainValidation
Value: 0
Executable files: 305
Suspicious files: 18
Text files: 41
Unknown types: 2

Dropped files

Columns: PID | Process | Filename | Type
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\com.redgiant.branding.zip | compressed
  MD5: 1513310F4CED4F22F6CE00FFDF2961A8
  SHA256: BCDD3BC9564B29B6F152807C8C7ADB5F2A3BD275A635C8D3D4062291CB877F3B
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\com.redgiant.app.zip | compressed
  MD5: 67B17FF6F6FAF4D93819F372C1D05B58
  SHA256: 2B9E276E7621EDE47C7E157256CEEB0EA81355D80D8ED6DE81096B5F1E53F8F3
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\com.redgiant.service.zip | compressed
  MD5: A6C63A0BA68CAADEE87AD99CA76E6588
  SHA256: C204BE2C2967E4731E49901D51CBF523D4271114E889BEA5C170613FE3DEFD9A
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\com.redgiant.vcredist-x64-2012.zip | compressed
  MD5: 99E84FD3559704727402D65D44EB973E
  SHA256: 6872A9BF479348F0BC6CF71178EAD86B4E47168896647722FA8249F4FE258A68
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\net.maxon.mxnotify.zip | compressed
  MD5: CA8F737DA3A5541048CB735FC593455B
  SHA256: 2D5E6B28BB20469CD18E05B49C532C641A9CDE91E616F7100DEE3FA07343FDDF
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\com.redgiant.rguninstaller.zip | compressed
  MD5: 481BA55C1A79AAF08E2DDA2884BB8E25
  SHA256: 86260CC408852BBEF163B8B0C518060969FB607A76BD7E15F44EDDAC354FDB18
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\com.redgiant.vcredist-x64-2019.zip | compressed
  MD5: 66710D9E8D1DD5DCF3672EDC8B18CA68
  SHA256: F40F8E805895D38DA4C707A9B54C4C958EA1305828A8653DD0B58FECBC899528
PID 1884 | _igetintopc.com_Maxon_App_2.1.0.exe | C:\Users\admin\AppData\Local\Temp\7zSC57C798F\packages\net.maxon.app.json | binary
  MD5: C8ECE23E4E6C5BD44DA3FF7F64B5BD04
  SHA256: 7D41506A405D39B2598CCCA53BD15885CE76CD41C28D6C27BDC1E624708C9B44
PID 6928 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EU210D.tmp\MicrosoftEdgeUpdateBroker.exe | executable
  MD5: 6A1E9BE93BE494F065801697A957319F
  SHA256: 37F3F1B62B492F160377610887C33D67953049F216C5F83FB6714AE43705E8F6
PID 6460 | mxredirect.exe | C:\ProgramData\Maxon\Service\mxredirect.log.config | text
  MD5: 9628831EB81C5402239C6E219D6E8C25
  SHA256: 8C8F1A38C7CDF304E01B6D3C4227E0D79F34BE23E05D20A4070EFA25FBBEB58A
HTTP(S) requests: 3
TCP/UDP connections: 24
DNS requests: 6
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
PID 4744 | svchost.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | Reputation: whitelisted
PID/process not shown | GET | 304 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.145.49?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appVersion_edgeupdate=1.3.145.49&appUpdateCheckIsUpdateDisabled_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osPlatform=win&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=taggedmi&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.145.49 | CN: unknown
PID/process not shown | POST | 200 | 20.42.73.30:443 | https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-CJS-1.2.0&x-apikey=33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176 | CN: unknown | Reputation: whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation
PID 4 | System
  • 192.168.100.255:137 | whitelisted
  • 239.255.255.250:1900 | whitelisted
  • 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
PID 4 | System
  • 192.168.100.255:138 | whitelisted
  • 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
PID 4744 | svchost.exe
  • 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
PID 5336 | SearchApp.exe
  • 20.42.73.30:443 | browser.pipe.aria.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
PID 1988 | MicrosoftEdgeUpdate.exe
  • 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Columns: Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 51.104.136.2 | whitelisted
google.com | 142.250.185.110 | whitelisted
www.microsoft.com | 23.52.120.96 | whitelisted
browser.pipe.aria.microsoft.com | 20.42.73.30 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted

Threats

No threats detected
No debug info