File name:

BlackCat_Config.exe.bak

Full analysis: https://app.any.run/tasks/aac1bc81-ed4f-497d-a4eb-72ff34f18c70
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: June 21, 2025, 19:47:41
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
ransomware
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections
MD5:

C681038BC738FF0A816176C4CD21150C

SHA1:

C5181892AFDE538C73109B4C83E2A2730EB9014D

SHA256:

C5AD3534E1C939661B71F56144D19FF36E9EA365FDB47E4F8E2D267C39376486

SSDEEP:

98304:OM0DmKlG69/oef51paOWR19S/Sel1O9pJW:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Known privilege escalation attack

      • dllhost.exe (PID: 7124)

    • Antivirus name has been found in the command line (generic signature)

      • cmd.exe (PID: 1760)

    • Deletes shadow copies

      • cmd.exe (PID: 2320)

    • RANSOMWARE has been detected

      • cat.exe (PID: 6936)

    • Renames files like ransomware

      • cat.exe (PID: 6936)

  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • cat.exe (PID: 2660)
      • cat.exe (PID: 6936)
      • cat.exe (PID: 5620)
      • cmd.exe (PID: 5992)

    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 6128)
      • cmd.exe (PID: 6652)
      • cmd.exe (PID: 4648)

    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 2280)
      • WMIC.exe (PID: 4684)
      • WMIC.exe (PID: 4456)

    • Process uses ARP to discover network configuration

      • cmd.exe (PID: 5060)

    • Application launched itself

      • cat.exe (PID: 6936)
      • cmd.exe (PID: 5992)

    • Creates file in the systems drive root

      • cat.exe (PID: 6936)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 2072)

    • Executes as Windows Service

      • VSSVC.exe (PID: 1352)

    • Process drops legitimate windows executable

      • cat.exe (PID: 6936)

    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 788)

    • The process creates files with name similar to system file names

      • cat.exe (PID: 6936)

    • Executable content was dropped or overwritten

      • cat.exe (PID: 6936)

  • INFO

    • Checks supported languages

      • cat.exe (PID: 2660)
      • cat.exe (PID: 6748)
      • BlackCat_Config.exe.bak.exe (PID: 6584)
      • cat.exe (PID: 6404)
      • cat.exe (PID: 6936)
      • cat.exe (PID: 5620)
      • ShellExperienceHost.exe (PID: 788)

    • Manual execution by a user

      • cmd.exe (PID: 7008)
      • notepad.exe (PID: 1128)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 2280)
      • dllhost.exe (PID: 7124)
      • WMIC.exe (PID: 4684)
      • WMIC.exe (PID: 4456)
      • notepad.exe (PID: 1128)

    • Reads the computer name

      • cat.exe (PID: 2660)
      • cat.exe (PID: 6936)
      • ShellExperienceHost.exe (PID: 788)
      • cat.exe (PID: 5620)

    • Reads the machine GUID from the registry

      • cat.exe (PID: 2660)
      • cat.exe (PID: 6936)
      • cat.exe (PID: 5620)

    • Creates files in the program directory

      • cat.exe (PID: 6936)

    • The sample compiled with russian language support

      • cat.exe (PID: 6936)

    • The sample compiled with english language support

      • cat.exe (PID: 6936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:12:10 16:34:25+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.3
CodeSize: 2110976
InitializedDataSize: 3078144
UninitializedDataSize: 1536
EntryPoint: 0x14c0
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
183
Monitored processes
42
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start blackcat_config.exe.bak.exe no specs cmd.exe no specs conhost.exe no specs cat.exe no specs slui.exe no specs cat.exe no specs cat.exe no specs cmd.exe no specs conhost.exe no specs wmic.exe no specs CMSTPLUA THREAT cat.exe cmd.exe no specs conhost.exe no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs fsutil.exe no specs cmd.exe no specs conhost.exe no specs fsutil.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs cmd.exe no specs reg.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs vssadmin.exe no specs arp.exe no specs vssvc.exe no specs cat.exe no specs cmd.exe no specs conhost.exe no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs shellexperiencehost.exe no specs notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
788"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mcaC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Shell Experience Host
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wincorlib.dll
1128"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\RECOVER-b5o8ph3-FILES.txtC:\Windows\System32\notepad.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
1352C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1760"C:\WINDOWS\system32\cmd.exe" /c "iisreset.exe /stop"C:\Windows\SysWOW64\cmd.execat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2072"C:\WINDOWS\system32\cmd.exe" /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /d 65535 /t REG_DWORD /f"C:\Windows\SysWOW64\cmd.execat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2280wmic csproduct get UUIDC:\Windows\SysWOW64\wbem\WMIC.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\framedynos.dll
2320"C:\WINDOWS\system32\cmd.exe" /c "vssadmin.exe delete shadows /all /quiet"C:\Windows\System32\cmd.execat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
2620reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /d 65535 /t REG_DWORD /fC:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2660cat.exe --access-token 12345C:\Users\admin\Desktop\cat.execmd.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\cat.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
2808\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
4 123
Read events
4 111
Write events
12
Delete events
0

Modification events

(PID) Process:(7140) fsutil.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
Operation:writeName:SymlinkRemoteToLocalEvaluation
Value:
1
(PID) Process:(6364) fsutil.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
Operation:writeName:SymlinkRemoteToRemoteEvaluation
Value:
1
(PID) Process:(3884) ARP.EXEKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters
Operation:writeName:TrapPollTimeMilliSecs
Value:
15000
(PID) Process:(2620) reg.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters
Operation:writeName:MaxMpxCt
Value:
65535
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000069CD0F81E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000039DEC784E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D000000402FC884E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D0000002E527A88E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000089A97B88E5E2DB01
(PID) Process:(788) ShellExperienceHost.exeKey:\REGISTRY\A\{5d2e5970-5cb8-5559-f2bb-f3b88f5097ce}\LocalState
Operation:writeName:PeekBadges
Value:
5B005D00000041748188E5E2DB01
Executable files
75
Suspicious files
1 486
Text files
1 095
Unknown types
0

Dropped files

PID
Process
Filename
Type
6936cat.exe\\?\Volume{2f5c5e73-85a9-11eb-90a8-9a9b76358421}\Recovery\WindowsRE\Winre.wim.b5o8ph3
MD5:
SHA256:
6936cat.exe\\?\Volume{eaf65672-68c3-4f99-8d5c-104b5f4d8fff}\Recovery\WindowsRE\Winre.wim.b5o8ph3
MD5:
SHA256:
6936cat.exe\\?\Volume{eaf65672-68c3-4f99-8d5c-104b5f4d8fff}\Recovery\WindowsRE\RECOVER-b5o8ph3-FILES.txttext
MD5:2F09EAE2535689661E511582CB5F0D48
SHA256:030B575ABF2B5C965A40438B989177C478294E63521457760BB3BD1C2478D4DB
6936cat.exe\\?\Volume{2f5c5e73-85a9-11eb-90a8-9a9b76358421}\Recovery\WindowsRE\boot.sdi.b5o8ph3binary
MD5:22D9945B4AAE36DD59620A918F2E65F4
SHA256:CD2C00CE027687CE4A8BDC967F26A8AB82F651C9BECD703658BA282EC49702BD
6936cat.exeC:\RECOVER-b5o8ph3-FILES.txttext
MD5:2F09EAE2535689661E511582CB5F0D48
SHA256:030B575ABF2B5C965A40438B989177C478294E63521457760BB3BD1C2478D4DB
6936cat.exe\\?\Volume{2f5c5e71-85a9-11eb-90a8-9a9b76358421}\checkpoints-NvVars.b5o8ph3binary
MD5:BC95C7CDB3BFD0FE7895CBE1AB0FF0F1
SHA256:1C4C5938713C7E21936327771034E5497DA183FF69D02C0DD599F6F73201C9D9
6936cat.exe\\?\Volume{2f5c5e71-85a9-11eb-90a8-9a9b76358421}\NvVars.b5o8ph3binary
MD5:375C77E9FF58D8E3692990C24B8C6AC5
SHA256:A401124F4F5FDED7BE97171A96C46D2BCCF95629F5242EF41D896ADEA35F37E8
6936cat.exe\\?\Volume{2f5c5e73-85a9-11eb-90a8-9a9b76358421}\Recovery\WindowsRE\checkpoints-ReAgent.xml.b5o8ph3binary
MD5:4279D73E760DE8E7CB6CE903D2E1D5C1
SHA256:714718F984A0D84742B686A4A62A77FBD4821F0AA95A83CECC698CD57D710D31
6936cat.exe\\?\Volume{2f5c5e73-85a9-11eb-90a8-9a9b76358421}\Recovery\WindowsRE\ReAgent.xml.b5o8ph3xml
MD5:9CAF42F54EB378EA8DDD39A40E850120
SHA256:F1562C0A7468BB6069AE91CB6A5019F82C3A6432228D4DD64624DA87366F2A80
6936cat.exe\\?\Volume{eaf65672-68c3-4f99-8d5c-104b5f4d8fff}\Recovery\WindowsRE\ReAgent.xml.b5o8ph3xml
MD5:CC8F4479ACCDAD829F622369C1C91BB2
SHA256:2B50529F157707DE79A76B39344CD2526EB015B3CDA5727CC010537AA3CBF084
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
41
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.55.104.172:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5012
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5328
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
2620
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2620
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5328
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
2940
svchost.exe
GET
200
69.192.161.44:80
http://x1.c.lencr.org/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5476
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5328
SearchApp.exe
2.16.241.201:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5328
SearchApp.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
23.55.104.172:80
crl.microsoft.com
Akamai International B.V.
US
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.78
whitelisted
www.bing.com
  • 2.16.241.201
  • 2.16.241.218
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.55.104.172
  • 23.55.104.190
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.160.67
  • 40.126.32.134
  • 40.126.32.136
  • 20.190.160.4
  • 40.126.32.74
  • 20.190.160.64
  • 20.190.160.22
  • 40.126.32.68
whitelisted
fp.msedge.net
  • 204.79.197.222
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
th.bing.com
  • 2.16.241.201
  • 2.16.241.218
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
BlackCat_Config.exe.bak