File name:

bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe

Full analysis: https://app.any.run/tasks/5f3cade4-235f-43bc-9c22-419d96b8dc61
Verdict: Malicious activity
Threats:

BlueSky ransomware, first identified in June 2022, shares code similarities with other well-known ransomware families like Conti and Babuk. It primarily spreads via phishing emails and malicious links and can propagate through networks using SMB protocols. BlueSky uses advanced evasion techniques, such as hiding its processes from debuggers via the NtSetInformationThread API, making it difficult for analysts to detect and mitigate its attacks.

Analysis date: June 06, 2025, 15:45:06
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
possible-phishing
phish-url
bluesky
ransomware
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

5EF5CF7DD67AF3650824CBC49FFA9999

SHA1:

720714032A7A8EE72F034DDBB0578B910E6C9885

SHA256:

E75717BE1633B5E3602827DC3B5788FF691DD325B0EDDD2D0D9DDCEE29DE364F

SSDEEP:

1536:wBrE2D2ZjyKBQs8swOVWCqBTXdXu3+MkNCMm2i954:iBD2RfQ/7OVWS3+1rm2i954

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • RANSOMWARE has been detected

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
    • Renames files like ransomware

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
    • Bluesky note has been found

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
    • A possible phishing URL containing an email address has been detected

      • iexplore.exe (PID: 7420)
  • INFO

    • Creates files or folders in the user directory

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
    • Reads the computer name

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
      • identity_helper.exe (PID: 6668)
    • Checks supported languages

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
      • identity_helper.exe (PID: 6668)
    • Reads the machine GUID from the registry

      • bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe (PID: 8056)
    • Manual execution by a user

      • iexplore.exe (PID: 7420)
      • notepad.exe (PID: 7828)
      • rundll32.exe (PID: 456)
      • rundll32.exe (PID: 896)
      • rundll32.exe (PID: 5416)
      • rundll32.exe (PID: 5512)
      • rundll32.exe (PID: 4920)
    • Application launched itself

      • msedge.exe (PID: 7488)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 7828)
    • Reads Environment values

      • identity_helper.exe (PID: 6668)
    • Checks proxy server information

      • slui.exe (PID: 3884)
    • Reads the software policy settings

      • slui.exe (PID: 3884)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2085:02:07 16:05:31+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 94.8
CodeSize: 67584
InitializedDataSize: 7168
UninitializedDataSize: -
EntryPoint: 0xe880
OSVersion: 5.1
ImageVersion: 48623.16013
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
167
Monitored processes
39
Malicious processes
1
Suspicious processes
0

Behavior graph

start #BLUESKY bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe iexplore.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notepad.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs rundll32.exe no specs rundll32.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID:
456
CMD:
"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\Downloads\southernbush.jpg
Path:
C:\Windows\System32\rundll32.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
536
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5656 --field-trial-handle=2372,i,13634848387758270778,1163310403704739168,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
780
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5876 --field-trial-handle=2372,i,13634848387758270778,1163310403704739168,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID:
896
CMD:
"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\Downloads\russiansettings.jpg
Path:
C:\Windows\System32\rundll32.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
1188
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2364 --field-trial-handle=2372,i,13634848387758270778,1163310403704739168,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2152
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2556 --field-trial-handle=2372,i,13634848387758270778,1163310403704739168,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2852
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=6416 --field-trial-handle=2372,i,13634848387758270778,1163310403704739168,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3208
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5928 --field-trial-handle=2372,i,13634848387758270778,1163310403704739168,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3884
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
3996
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3476 --field-trial-handle=2372,i,13634848387758270778,1163310403704739168,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
9 255
Read events
9 232
Write events
23
Delete events
0

Modification events

(PID) Process: (8056) bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe
Key: HKEY_CURRENT_USER\SOFTWARE\EA408C6BF0D12F526F821798C3F54C9A
Operation: write
Name: RECOVERYBLOB
Value:
7D614E11BB8F138F00394D703D3371332326BFE145E048BA1388CBA29A2469DDDE25E4271C3A4414E69C935E8F5DDE84B2BC216CB53F23DF159F6B567268CD368F85251CCA63CA08D458D4406201A353D0CFDB50F667283C1233AAD4073B5999401717D83AE938CC54FB86B60ECF3150490B3B31AA76C047

(PID) Process: (8056) bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe
Key: HKEY_CURRENT_USER\SOFTWARE\EA408C6BF0D12F526F821798C3F54C9A
Operation: write
Name: x25519_public
Value:
177DE3C2FA9100D656D3FA62C1305D83B02B41EF46F31A5B030677750A100A01

(PID) Process: (8056) bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe
Key: HKEY_CURRENT_USER\SOFTWARE\EA408C6BF0D12F526F821798C3F54C9A
Operation: write
Name: completed
Value:
0

(PID) Process: (7420) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7420) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (7420) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (7420) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value:
0

(PID) Process: (7420) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value:
1

(PID) Process: (7420) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: DisableFirstRunCustomize
Value:
1

(PID) Process: (7488) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0
Executable files
0
Suspicious files
262
Text files
133
Unknown types
21

Dropped files

PID | Process | Filename | Type
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\3D Objects\# DECRYPT FILES BLUESKY #.txt | text
MD5: DEEE797D95F5382F52A1C5758116A1EB
SHA256: E1347DFCE970E81B903F5C0116F890C5998DB19F5B002DB3F0BAFCE0357E7244
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\Desktop\connectionoutside.png | binary
MD5: AEBBAD9F6266F2CAC421C3B0ABDEED0D
SHA256: A32FF3524D95DA518D596657D40E071DBE9E1F07B897FC3B771865F8FC3E4132
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\AppData\Local\VirtualStore\# DECRYPT FILES BLUESKY #.html | html
MD5: BD7AACD2879C8F5110764DD109879AE0
SHA256: 38B59CC17A45AC47D7985AB547FC8A6F6C2EA6C91A7CE3FC6A3A1D68B1BF77CE
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\Desktop\# DECRYPT FILES BLUESKY #.html | html
MD5: BD7AACD2879C8F5110764DD109879AE0
SHA256: 38B59CC17A45AC47D7985AB547FC8A6F6C2EA6C91A7CE3FC6A3A1D68B1BF77CE
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\3D Objects\# DECRYPT FILES BLUESKY #.html | html
MD5: BD7AACD2879C8F5110764DD109879AE0
SHA256: 38B59CC17A45AC47D7985AB547FC8A6F6C2EA6C91A7CE3FC6A3A1D68B1BF77CE
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\Contacts\# DECRYPT FILES BLUESKY #.txt | text
MD5: DEEE797D95F5382F52A1C5758116A1EB
SHA256: E1347DFCE970E81B903F5C0116F890C5998DB19F5B002DB3F0BAFCE0357E7244
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\Desktop\# DECRYPT FILES BLUESKY #.txt | text
MD5: DEEE797D95F5382F52A1C5758116A1EB
SHA256: E1347DFCE970E81B903F5C0116F890C5998DB19F5B002DB3F0BAFCE0357E7244
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\.ms-ad\# DECRYPT FILES BLUESKY #.html | html
MD5: BD7AACD2879C8F5110764DD109879AE0
SHA256: 38B59CC17A45AC47D7985AB547FC8A6F6C2EA6C91A7CE3FC6A3A1D68B1BF77CE
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\Desktop\areawent.rtf.bluesky | binary
MD5: BCF89EDCAE3C723EE894DCE11F62C5CD
SHA256: EDA7275ED33114B0EACC5E1888AD0A01A2A18B0E7777CC4122992E890506B8AF
8056 | bsky_9_e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de36.exe | C:\Users\admin\Desktop\increasesomeone.rtf | binary
MD5: BE59C3143C3FE2DF90F8033221176547
SHA256: B83BE0DDB6C0C9A9DD1AA3FCAB6D6C4300A096C2D1931797C8D90EA4EC14EB86
Download the PCAP and analyze network streams, HTTP content and more in the full report
HTTP(S) requests
101
TCP/UDP connections
76
DNS requests
52
Threats
1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6544 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=47&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 839 b | whitelisted
- | - | GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 295 b | whitelisted
- | - | GET | 503 | 13.107.6.158:443 | https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | unknown | html | 12.3 Kb | whitelisted
- | - | GET | 503 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | html | 12.3 Kb | whitelisted
- | - | GET | 200 | 13.107.253.45:443 | https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable | unknown | binary | 16.0 Kb | whitelisted
- | - | POST | 200 | 40.126.31.3:443 | https://login.live.com/RST2.srf | unknown | xml | 11.0 Kb | whitelisted
- | - | GET | 503 | 13.107.6.158:443 | https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | unknown | html | 12.3 Kb | whitelisted
- | - | GET | 503 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | html | 12.3 Kb | whitelisted
- | - | GET | 503 | 13.107.6.158:443 | https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | unknown | html | 12.3 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 20.190.159.129:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6544 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
7552 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2112 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2560 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7552 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2152 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.174
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
update.googleapis.com
  • 142.250.185.67
whitelisted
edgeservices.bing.com
  • 92.123.104.47
  • 92.123.104.31
  • 92.123.104.19
  • 92.123.104.59
  • 92.123.104.67
  • 92.123.104.52
  • 92.123.104.32
  • 92.123.104.40
  • 92.123.104.34
whitelisted

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install
No debug info