URL: https://copytrans.studio/download/

Full analysis: https://app.any.run/tasks/0f0669e3-3948-4b18-93ed-ccc2845caa1a
Verdict: Malicious activity
Analysis date: July 21, 2025, 20:52:36
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer
Indicators:
MD5: 19084879B030B716C846A9E5EB8E1543
SHA1: EE308F81D853066C0C0650B7B1AA9EED11C92B3F
SHA256: E0DA86BDB44A8EC60D6CC4444ED390E3A200A53E44B488C788F5E1476C8C8993
SSDEEP: 3:N8X2CLWiRVKKBJCn:2mCLXRVn4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • CopyTransHEICforWindows.tmp (PID: 8076)
      • CopyTransStudiov1.058.tmp (PID: 7324)
    • Changes the autorun value in the registry

      • reg.exe (PID: 7892)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • CopyTransStudiov1.058.tmp (PID: 8152)
      • CopyTransHEICforWindows.tmp (PID: 2728)
    • Executable content was dropped or overwritten

      • CopyTransStudiov1.058.exe (PID: 7824)
      • CopyTransStudiov1.058.exe (PID: 4060)
      • CopyTransStudiov1.058.tmp (PID: 7324)
      • CopyTransViewerInstaller.exe (PID: 8172)
      • CopyTransHEICforWindows.exe (PID: 2192)
      • CopyTransHEICforWindows.exe (PID: 5612)
      • CopyTransViewerInstaller.tmp (PID: 6228)
      • CopyTransHEICforWindows.tmp (PID: 8076)
    • Reads the Windows owner or organization settings

      • CopyTransStudiov1.058.tmp (PID: 7324)
      • CopyTransViewerInstaller.tmp (PID: 6228)
      • CopyTransHEICforWindows.tmp (PID: 8076)
    • Executes as Windows Service

      • VSSVC.exe (PID: 8068)
    • Searches for installed software

      • dllhost.exe (PID: 2276)
      • CopyTransHEICforWindows.tmp (PID: 8076)
      • CopyTransStudiov1.058.tmp (PID: 7324)
    • Changes default file association

      • CopyTransViewerInstaller.tmp (PID: 6228)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 4664)
      • regsvr32.exe (PID: 4528)
      • CopyTransStudiov1.058.tmp (PID: 7324)
    • Starts POWERSHELL.EXE for commands execution

      • CopyTransHEICforWindows.tmp (PID: 2728)
    • Uses REG/REGEDIT.EXE to modify registry

      • CopyTransStudiov1.058.tmp (PID: 8152)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 8028)
      • CopyTransStudiov1.058.exe (PID: 7824)
      • CopyTransStudiov1.058.tmp (PID: 8152)
      • CopyTransStudiov1.058.exe (PID: 4060)
      • CopyTransStudiov1.058.tmp (PID: 7324)
      • CopyTransViewerInstaller.exe (PID: 8172)
      • CopyTransViewerInstaller.tmp (PID: 6228)
      • CopyTransHEICforWindows.exe (PID: 2192)
      • CopyTransHEICforWindows.tmp (PID: 2728)
      • CopyTransHEICforWindows.exe (PID: 5612)
      • CopyTransHEICforWindows.tmp (PID: 8076)
      • CopyTransHEICSparsePackageReg.exe (PID: 7920)
    • Application launched itself

      • msedge.exe (PID: 2964)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 2964)
    • Reads the computer name

      • identity_helper.exe (PID: 8028)
      • CopyTransStudiov1.058.tmp (PID: 8152)
      • CopyTransStudiov1.058.tmp (PID: 7324)
      • CopyTransViewerInstaller.tmp (PID: 6228)
      • CopyTransHEICforWindows.tmp (PID: 2728)
      • CopyTransHEICforWindows.tmp (PID: 8076)
    • Create files in a temporary directory

      • CopyTransStudiov1.058.exe (PID: 7824)
      • CopyTransStudiov1.058.exe (PID: 4060)
      • CopyTransStudiov1.058.tmp (PID: 7324)
      • CopyTransViewerInstaller.exe (PID: 8172)
      • CopyTransViewerInstaller.tmp (PID: 6228)
      • CopyTransHEICforWindows.exe (PID: 2192)
      • CopyTransHEICforWindows.exe (PID: 5612)
      • CopyTransHEICforWindows.tmp (PID: 8076)
      • CopyTransHEICSparsePackageReg.exe (PID: 7920)
    • Reads Environment values

      • identity_helper.exe (PID: 8028)
    • Process checks computer location settings

      • CopyTransStudiov1.058.tmp (PID: 8152)
      • CopyTransHEICforWindows.tmp (PID: 2728)
    • Compiled with Borland Delphi (YARA)

      • CopyTransStudiov1.058.tmp (PID: 8152)
      • CopyTransStudiov1.058.exe (PID: 7824)
    • Manages system restore points

      • SrTasks.exe (PID: 7332)
    • Detects InnoSetup installer (YARA)

      • CopyTransStudiov1.058.tmp (PID: 8152)
      • CopyTransStudiov1.058.exe (PID: 7824)
    • Creates files in the program directory

      • CopyTransStudiov1.058.tmp (PID: 7324)
      • CopyTransViewerInstaller.tmp (PID: 6228)
      • CopyTransHEICforWindows.tmp (PID: 8076)
      • regsvr32.exe (PID: 4528)
      • regsvr32.exe (PID: 4664)
      • powershell.exe (PID: 7360)
      • powershell.exe (PID: 512)
    • The sample compiled with english language support

      • CopyTransStudiov1.058.tmp (PID: 7324)
      • CopyTransHEICforWindows.tmp (PID: 8076)
    • Reads the software policy settings

      • CopyTransStudiov1.058.tmp (PID: 7324)
    • Creates a software uninstall entry

      • CopyTransViewerInstaller.tmp (PID: 6228)
      • CopyTransHEICforWindows.tmp (PID: 8076)
      • CopyTransStudiov1.058.tmp (PID: 7324)
    • Launching a file from a Registry key

      • reg.exe (PID: 7892)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 197
Monitored processes: 55
Malicious processes: 7
Suspicious processes: 4

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs copytransstudiov1.058.exe copytransstudiov1.058.tmp no specs copytransstudiov1.058.exe copytransstudiov1.058.tmp msedge.exe no specs msedge.exe no specs msedge.exe no specs SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs copytransviewerinstaller.exe copytransviewerinstaller.tmp copytransheicforwindows.exe slui.exe no specs copytransheicforwindows.tmp no specs copytransheicforwindows.exe copytransheicforwindows.tmp copytransheicsparsepackagereg.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe conhost.exe no specs regsvr32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 512
CMD: "powershell.exe" get-appxpackage Microsoft.HEVCVideoExtension | SELECT name | format-wide > C:\ProgramData\~execwithresult.txt
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: CopyTransHEICforWindows.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1828
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x304,0x308,0x30c,0x2fc,0x314,0x7ffc4314f208,0x7ffc4314f214,0x7ffc4314f220
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2192
CMD: "C:\Program Files\CopyTrans Studio\CopyTransHEICforWindows.exe" /verysilent /norestart
Path: C:\Program Files\CopyTrans Studio\CopyTransHEICforWindows.exe
Parent process: CopyTransStudiov1.058.tmp
User:
admin
Company:
Ursa Minor Ltd
Integrity Level:
MEDIUM
Description:
CopyTrans HEIC for Windows Setup
Exit code:
0
Version:
2.0.2.5
Modules
Images
c:\program files\copytrans studio\copytransheicforwindows.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\comctl32.dll
c:\windows\syswow64\advapi32.dll
PID: 2276
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
PID: 2728
CMD: "C:\Users\admin\AppData\Local\Temp\is-CE3B5.tmp\CopyTransHEICforWindows.tmp" /SL5="$30390,8083954,799744,C:\Program Files\CopyTrans Studio\CopyTransHEICforWindows.exe" /verysilent /norestart
Path: C:\Users\admin\AppData\Local\Temp\is-CE3B5.tmp\CopyTransHEICforWindows.tmp
Parent process: CopyTransHEICforWindows.exe
User:
admin
Company:
Ursa Minor Ltd
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ce3b5.tmp\copytransheicforwindows.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\msvcrt.dll
PID: 2964
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://copytrans.studio/download/"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2976
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3556
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3584,i,15763445114410641295,18257111607065500105,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3624
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\CopyTrans HEIC for Windows\CopyTransHEICforWindows.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: CopyTransHEICforWindows.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 4036
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2676,i,15763445114410641295,18257111607065500105,262144 --variations-seed-version --mojo-platform-channel-handle=2796 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 20 549
Read events: 20 104
Write events: 413
Delete events: 32

Modification events

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

Process: (2964) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 9F15BAF00C992F00

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394000
Operation: write
Name: WindowTabManagerFileMappingId
Value: {B879EE04-5FFB-451F-9828-DE3A1C1BC2EB}

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394000
Operation: write
Name: WindowTabManagerFileMappingId
Value: {5887D7AD-B1FF-4CA7-B2DB-ED63B0BE75B4}

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394000
Operation: write
Name: WindowTabManagerFileMappingId
Value: {9C8D881E-53B5-4D75-9E14-B8B0C33B59BF}

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394000
Operation: write
Name: WindowTabManagerFileMappingId
Value: {65A4C88F-AC0E-442E-AACC-1E7371A80666}

Process: (2964) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\394000
Operation: write
Name: WindowTabManagerFileMappingId
Value: {38DF0F7F-C0EA-41A6-A26C-FD169749C379}
Executable files: 82
Suspicious files: 240
Text files: 171
Unknown types: 33

Dropped files

PID
Process
Filename
Type
PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF18d3a6.TMP
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF18d3a6.TMP
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF18d3a6.TMP
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF18d5aa.TMP
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF18d5ba.TMP
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID: 2964
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF18d5c9.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 108
DNS requests: 101
Threats: 8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5716
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:5vVymsBzPRNTcD6yVyMl2dgMHlyGzH1Gvi_JaWcG8Rw&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3644
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2964
msedge.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D
unknown
whitelisted
2964
msedge.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEEj8k7RgVZSNNqfJionWlBY%3D
unknown
whitelisted
2964
msedge.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEQC2XJ3xvLx7DdV%2B%2Bed2Ax4G
unknown
whitelisted
7996
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7996
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4916
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5716
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5716
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5716
msedge.exe
52.47.178.141:443
copytrans.studio
AMAZON-02
FR
unknown
5716
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5716
msedge.exe
2.16.241.224:443
copilot.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 52.137.106.217
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 142.250.186.78
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
copytrans.studio
  • 52.47.178.141
unknown
copilot.microsoft.com
  • 2.16.241.224
  • 2.16.241.220
whitelisted
www.bing.com
  • 2.16.241.218
  • 2.16.241.205
  • 2.16.241.201
  • 2.16.241.207
whitelisted
cdnjs.cloudflare.com
  • 104.17.24.14
  • 104.17.25.14
whitelisted
embed.voomly.com
  • 13.33.187.97
  • 13.33.187.19
  • 13.33.187.3
  • 13.33.187.53
unknown
fonts.googleapis.com
  • 216.58.206.74
whitelisted

Threats

PID
Process
Class
Message
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5716
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info