File name:

BlackCat_Config.exe.bak

Full analysis: https://app.any.run/tasks/aac1bc81-ed4f-497d-a4eb-72ff34f18c70
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: June 21, 2025, 19:47:41
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
ransomware
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections
MD5:

C681038BC738FF0A816176C4CD21150C

SHA1:

C5181892AFDE538C73109B4C83E2A2730EB9014D

SHA256:

C5AD3534E1C939661B71F56144D19FF36E9EA365FDB47E4F8E2D267C39376486

SSDEEP:

98304:OM0DmKlG69/oef51paOWR19S/Sel1O9pJW:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Known privilege escalation attack

      • dllhost.exe (PID: 7124)

    • Antivirus name has been found in the command line (generic signature)

      • cmd.exe (PID: 1760)

    • Deletes shadow copies

      • cmd.exe (PID: 2320)

    • RANSOMWARE has been detected

      • cat.exe (PID: 6936)

    • Renames files like ransomware

      • cat.exe (PID: 6936)

  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • cat.exe (PID: 2660)
      • cat.exe (PID: 6936)
      • cat.exe (PID: 5620)
      • cmd.exe (PID: 5992)

    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 6128)
      • cmd.exe (PID: 6652)
      • cmd.exe (PID: 4648)

    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 2280)
      • WMIC.exe (PID: 4684)
      • WMIC.exe (PID: 4456)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 2072)

    • Process uses ARP to discover network configuration

      • cmd.exe (PID: 5060)

    • Executes as Windows Service

      • VSSVC.exe (PID: 1352)

    • Application launched itself

      • cat.exe (PID: 6936)
      • cmd.exe (PID: 5992)

    • Creates file in the systems drive root

      • cat.exe (PID: 6936)

    • Executable content was dropped or overwritten

      • cat.exe (PID: 6936)

    • Process drops legitimate windows executable

      • cat.exe (PID: 6936)

    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 788)

    • The process creates files with name similar to system file names

      • cat.exe (PID: 6936)

  • INFO

    • Checks supported languages

      • BlackCat_Config.exe.bak.exe (PID: 6584)
      • cat.exe (PID: 6404)
      • cat.exe (PID: 2660)
      • cat.exe (PID: 6748)
      • cat.exe (PID: 6936)
      • cat.exe (PID: 5620)
      • ShellExperienceHost.exe (PID: 788)

    • Manual execution by a user

      • cmd.exe (PID: 7008)
      • notepad.exe (PID: 1128)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 2280)
      • dllhost.exe (PID: 7124)
      • WMIC.exe (PID: 4684)
      • WMIC.exe (PID: 4456)
      • notepad.exe (PID: 1128)

    • Reads the computer name

      • cat.exe (PID: 2660)
      • cat.exe (PID: 6936)
      • cat.exe (PID: 5620)
      • ShellExperienceHost.exe (PID: 788)

    • Reads the machine GUID from the registry

      • cat.exe (PID: 2660)
      • cat.exe (PID: 6936)
      • cat.exe (PID: 5620)

    • The sample compiled with english language support

      • cat.exe (PID: 6936)

    • Creates files in the program directory

      • cat.exe (PID: 6936)

    • The sample compiled with russian language support

      • cat.exe (PID: 6936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:12:10 16:34:25+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.3
CodeSize: 2110976
InitializedDataSize: 3078144
UninitializedDataSize: 1536
EntryPoint: 0x14c0
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
183
Monitored processes
42
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start blackcat_config.exe.bak.exe no specs cmd.exe no specs conhost.exe no specs cat.exe no specs slui.exe no specs cat.exe no specs cat.exe no specs cmd.exe no specs conhost.exe no specs wmic.exe no specs CMSTPLUA THREAT cat.exe cmd.exe no specs conhost.exe no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs fsutil.exe no specs cmd.exe no specs conhost.exe no specs fsutil.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs cmd.exe no specs reg.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs vssadmin.exe no specs arp.exe no specs vssvc.exe no specs cat.exe no specs cmd.exe no specs conhost.exe no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs shellexperiencehost.exe no specs notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
788"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mcaC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Shell Experience Host
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wincorlib.dll
1128"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\RECOVER-b5o8ph3-FILES.txtC:\Windows\System32\notepad.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
1352C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1760"C:\WINDOWS\system32\cmd.exe" /c "iisreset.exe /stop"C:\Windows\SysWOW64\cmd.execat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2072"C:\WINDOWS\system32\cmd.exe" /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /d 65535 /t REG_DWORD /f"C:\Windows\SysWOW64\cmd.execat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2280wmic csproduct get UUIDC:\Windows\SysWOW64\wbem\WMIC.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\framedynos.dll
2320"C:\WINDOWS\system32\cmd.exe" /c "vssadmin.exe delete shadows /all /quiet"C:\Windows\System32\cmd.execat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
2620reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /d 65535 /t REG_DWORD /fC:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2660cat.exe --access-token 12345C:\Users\admin\Desktop\cat.execmd.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\cat.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
2808\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
4 123
Read events
4 111
Write events
12
Delete events
0

Modification events

(PID) Process:(7140) fsutil.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
Operation:writeName:SymlinkRemoteToLocalEvaluation
Value:
1
(PID) Process:(6364) fsutil.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
Operation:writeName:SymlinkRemoteToRemoteEvaluation
Value:
1
(PID) Process:(3884) ARP.EXEKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters
Operation:writeName:TrapPollTimeMilliSecs
Value:
15000
(PID) Process:(2620) reg.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters
Operation:writeName:MaxMpxCt
Value:
65535
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000069CD0F81E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000039DEC784E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D000000402FC884E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D0000002E527A88E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000089A97B88E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000041748188E5E2DB01
Executable files
75
Suspicious files
1 486
Text files
1 095
Unknown types
0

Dropped files

PID
Process
Filename
Type
6936cat.exe\\?\Volume{2f5c5e73-85a9-11eb-90a8-9a9b76358421}\Recovery\WindowsRE\Winre.wim.b5o8ph3
MD5:
SHA256:
6936cat.exe\\?\Volume{eaf65672-68c3-4f99-8d5c-104b5f4d8fff}\Recovery\WindowsRE\Winre.wim.b5o8ph3
MD5:
SHA256:
6936cat.exeC:\bootTel.dat.b5o8ph3binary
MD5:5C95D04D8A6FEF2C823E9538BD0A1B38
SHA256:FDD46368879C37E8002FE3CD17BF800A066B3D5A870DCE8B8D69D19C4513D485
6936cat.exeC:\$WinREAgent\RollbackInfo.ini.b5o8ph3text
MD5:1BA768628572FE692830D1309623B2DB
SHA256:3E8C88C4D47E4F418D804BB8F485504B30CFD7CD5F8F773FAC679234EC411466
6936cat.exeC:\BOOTNXT.b5o8ph3binary
MD5:93B885ADFE0DA089CDF634904FD59F71
SHA256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
6936cat.exe\\?\Volume{2f5c5e73-85a9-11eb-90a8-9a9b76358421}\Recovery\WindowsRE\boot.sdi.b5o8ph3binary
MD5:22D9945B4AAE36DD59620A918F2E65F4
SHA256:CD2C00CE027687CE4A8BDC967F26A8AB82F651C9BECD703658BA282EC49702BD
6936cat.exeC:\$WinREAgent\RECOVER-b5o8ph3-FILES.txttext
MD5:2F09EAE2535689661E511582CB5F0D48
SHA256:030B575ABF2B5C965A40438B989177C478294E63521457760BB3BD1C2478D4DB
6936cat.exe\\?\Volume{2f5c5e71-85a9-11eb-90a8-9a9b76358421}\checkpoints-NvVars.b5o8ph3binary
MD5:BC95C7CDB3BFD0FE7895CBE1AB0FF0F1
SHA256:1C4C5938713C7E21936327771034E5497DA183FF69D02C0DD599F6F73201C9D9
6936cat.exeC:\RECOVER-b5o8ph3-FILES.txttext
MD5:2F09EAE2535689661E511582CB5F0D48
SHA256:030B575ABF2B5C965A40438B989177C478294E63521457760BB3BD1C2478D4DB
6936cat.exe\\?\Volume{2f5c5e71-85a9-11eb-90a8-9a9b76358421}\NvVars.b5o8ph3binary
MD5:375C77E9FF58D8E3692990C24B8C6AC5
SHA256:A401124F4F5FDED7BE97171A96C46D2BCCF95629F5242EF41D896ADEA35F37E8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
41
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5012
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.104.172:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5328
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
2620
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2940
svchost.exe
GET
200
69.192.161.44:80
http://x1.c.lencr.org/
unknown
whitelisted
2620
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5328
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5476
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5328
SearchApp.exe
2.16.241.201:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5328
SearchApp.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
23.55.104.172:80
crl.microsoft.com
Akamai International B.V.
US
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.78
whitelisted
www.bing.com
  • 2.16.241.201
  • 2.16.241.218
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.55.104.172
  • 23.55.104.190
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.160.67
  • 40.126.32.134
  • 40.126.32.136
  • 20.190.160.4
  • 40.126.32.74
  • 20.190.160.64
  • 20.190.160.22
  • 40.126.32.68
whitelisted
fp.msedge.net
  • 204.79.197.222
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
th.bing.com
  • 2.16.241.201
  • 2.16.241.218
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
BlackCat_Config.exe.bak