URL:

https://mega.nz/file/Y8IxRTiB#3KLJbP6amzNPoVppqed57cquDETmzCqjqyHRGMMbwzg

Full analysis: https://app.any.run/tasks/19ce6f2b-db9f-4cb7-a9ee-3335a84def26
Verdict: Malicious activity
Analysis date: June 12, 2025, 19:17:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
crypto-regex
Indicators:
MD5:

DA28B8B644340A66CEEEEE80F6D5825D

SHA1:

D09253B2807517C7245387A864F0EF25AF96EEC2

SHA256:

E16E8192FB62833C19677A0A5640E2600857D16AF1C33ED6A8204C4496382F12

SSDEEP:

3:N8X/iU3xxWOBjnZOU9t3cHsC:2f3XWOBjnwQSMC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Adds path to the Windows Defender exclusion list

      • Mail Checker.exe (PID: 1812)
      • QBFRMDZ.exe (PID: 7888)
      • QBFRMDZ.exe (PID: 7816)

    • Changes Windows Defender settings

      • Mail Checker.exe (PID: 1812)
      • QBFRMDZ.exe (PID: 7816)
      • QBFRMDZ.exe (PID: 7888)

    • Uses Task Scheduler to run other applications

      • QBFRMDZ.exe (PID: 7888)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 8072)

    • Reads security settings of Internet Explorer

      • Mail Checker.exe (PID: 8132)
      • Mail Checker.exe (PID: 1812)

    • Application launched itself

      • Mail Checker.exe (PID: 8132)

    • Script adds exclusion path to Windows Defender

      • Mail Checker.exe (PID: 1812)
      • QBFRMDZ.exe (PID: 7888)
      • QBFRMDZ.exe (PID: 7816)

    • Starts POWERSHELL.EXE for commands execution

      • Mail Checker.exe (PID: 1812)
      • QBFRMDZ.exe (PID: 7888)
      • QBFRMDZ.exe (PID: 7816)

    • Executing commands from a ".bat" file

      • Mail Checker.exe (PID: 1812)

    • Found regular expressions for crypto-addresses (YARA)

      • Mail Checker.exe (PID: 1812)

    • Starts CMD.EXE for commands execution

      • Mail Checker.exe (PID: 1812)

    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 7556)

    • The process executes via Task Scheduler

      • QBFRMDZ.exe (PID: 7816)

  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 7824)

    • Application launched itself

      • msedge.exe (PID: 6936)

    • Reads the computer name

      • identity_helper.exe (PID: 7824)
      • Mail Checker.exe (PID: 8132)
      • Mail Checker.exe (PID: 1812)

    • Checks supported languages

      • identity_helper.exe (PID: 7824)
      • Mail Checker.exe (PID: 8132)
      • Mail Checker.exe (PID: 1812)

    • Manual execution by a user

      • WinRAR.exe (PID: 6492)
      • WinRAR.exe (PID: 8072)
      • Mail Checker.exe (PID: 8132)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 8072)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 8072)

    • Process checks computer location settings

      • Mail Checker.exe (PID: 8132)
      • Mail Checker.exe (PID: 1812)

    • Creates files in the program directory

      • Mail Checker.exe (PID: 1812)

    • UPX packer has been detected

      • Mail Checker.exe (PID: 1812)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
193
Monitored processes
53
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs winrar.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs mail checker.exe no specs mail checker.exe powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs slui.exe no specs cmd.exe no specs conhost.exe no specs timeout.exe no specs qbfrmdz.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs qbfrmdz.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1056\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1636\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeschtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1700"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6208,i,10859976601688358768,1477419228303681494,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1812"C:\Users\admin\Downloads\Mail Checker - IMAP POP3 HOTMAIL\Mail Checker - IMAP POP3 HOTMAIL\Mail Checker - IMAP POP3 HOTMAIL\Mail Checker.exe" C:\Users\admin\Downloads\Mail Checker - IMAP POP3 HOTMAIL\Mail Checker - IMAP POP3 HOTMAIL\Mail Checker - IMAP POP3 HOTMAIL\Mail Checker.exe
Mail Checker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Logon Application
Exit code:
0
Version:
10.0.17134.1
Modules
Images
c:\users\admin\downloads\mail checker - imap pop3 hotmail\mail checker - imap pop3 hotmail\mail checker - imap pop3 hotmail\mail checker.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1948"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x294,0x298,0x29c,0x28c,0x2a4,0x7ffc439ef208,0x7ffc439ef214,0x7ffc439ef220C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2228\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2596"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5768,i,10859976601688358768,1477419228303681494,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2760"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3612,i,10859976601688358768,1477419228303681494,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3108"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6636,i,10859976601688358768,1477419228303681494,262144 --variations-seed-version --mojo-platform-channel-handle=7548 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3724"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3668,i,10859976601688358768,1477419228303681494,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
40 441
Read events
40 380
Write events
57
Delete events
4

Modification events

(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:L1WatermarkLowPart
Value:
0
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:L1WatermarkHighPart
Value:
0
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
0
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
0
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31185870
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3820) iexplore.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
Executable files
8
Suspicious files
267
Text files
174
Unknown types
25

Dropped files

PID
Process
Filename
Type
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1764c5.TMP
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1764d4.TMP
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF176503.TMP
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF176503.TMP
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF176503.TMP
MD5:
SHA256:
6936msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
113
DNS requests
77
Threats
28

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4476
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6532
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:aKwIlz4RZgh7655rtkqG_2B8t7JRNHDEhN1-8Bb8Bv8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1268
svchost.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
8052
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8052
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7156
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1750016057&P2=404&P3=2&P4=iDE0m9zP81IlC49H0KAcblEioNzAVs4wzI1x3mvAzP8Hd95wtrsUeAJFC4oGu6TKzw%2fjvBib2H9sYniZ17uL7A%3d%3d
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1750016057&P2=404&P3=2&P4=iDE0m9zP81IlC49H0KAcblEioNzAVs4wzI1x3mvAzP8Hd95wtrsUeAJFC4oGu6TKzw%2fjvBib2H9sYniZ17uL7A%3d%3d
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1750016057&P2=404&P3=2&P4=iDE0m9zP81IlC49H0KAcblEioNzAVs4wzI1x3mvAzP8Hd95wtrsUeAJFC4oGu6TKzw%2fjvBib2H9sYniZ17uL7A%3d%3d
unknown
whitelisted
7156
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1750016058&P2=404&P3=2&P4=W873rbNIX4aje7aPgS0SDugJT4meDm4jhjV4eeusbuAMcl10KY6aK94UuI2BmKdm8DlqKlbG8Ntfg5OxXc2Blw%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1268
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
7052
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5944
MoUsoCoreWorker.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
6532
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6532
msedge.exe
31.216.144.5:443
mega.nz
Datacenter Luxembourg S.A.
LU
whitelisted
6532
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6532
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6532
msedge.exe
2.16.204.153:443
copilot.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
mega.nz
  • 31.216.144.5
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
copilot.microsoft.com
  • 2.16.204.153
  • 2.16.204.141
whitelisted
www.bing.com
  • 2.16.204.144
  • 2.16.204.135
  • 2.16.204.153
  • 2.16.204.145
  • 2.16.204.138
  • 2.16.204.142
  • 2.16.204.151
  • 2.16.204.147
  • 2.16.204.136
  • 2.16.204.156
  • 2.16.204.140
  • 2.16.204.134
  • 2.16.204.139
  • 2.16.204.148
whitelisted
eu.static.mega.co.nz
  • 66.203.124.37
  • 66.203.127.11
  • 89.44.169.134
  • 66.203.127.13
whitelisted
xpaywalletcdn.azureedge.net
  • 13.107.253.45
whitelisted
g.api.mega.co.nz
  • 66.203.125.14
  • 66.203.125.11
  • 66.203.125.15
  • 66.203.125.13
  • 66.203.125.12
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING Observed DNS Query to Filesharing Service (mega .co .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING Observed DNS Query to Filesharing Service (mega .co .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
6532
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://mega.nz/file/Y8IxRTiB#3KLJbP6amzNPoVppqed57cquDETmzCqjqyHRGMMbwzg