URL:

https://pastelink.net/0rh41yaf

Full analysis: https://app.any.run/tasks/64c6b0fa-ed13-4c25-9c7d-6242ce8a4e04
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 18, 2025, 16:37:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
loader
delphi
inno
installer
unknown
Indicators:
MD5:

DA8AF2FD9B6BB6284E55F4E27CAB3620

SHA1:

7861709091696A53EC25BEA01B0C2397D6FEE525

SHA256:

F344C3083F4DDCB9684DAFF74DA574883D8C29AB32DC1BA6C6D39673C70901D1

SSDEEP:

3:N8AWsd0AR8n:2AI3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • setup.exe (PID: 7252)
      • hjksfcj.exe (PID: 7748)
      • DistriCompiler89.exe (PID: 3888)
      • DistriCompiler89.exe (PID: 7884)
      • hjksfqo.exe (PID: 4000)
      • DistriCompiler89.exe (PID: 4736)
      • VirtuServer128.exe (PID: 5556)

    • Actions looks like stealing of personal data

      • setup.exe (PID: 7252)

    • Steals credentials from Web Browsers

      • setup.exe (PID: 7252)

    • Known privilege escalation attack

      • dllhost.exe (PID: 8684)

  • SUSPICIOUS

    • Application launched itself

      • WinRAR.exe (PID: 5756)
      • WinRAR.exe (PID: 516)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 1164)
      • WinRAR.exe (PID: 5756)
      • WinRAR.exe (PID: 516)

    • Executable content was dropped or overwritten

      • setup.exe (PID: 7252)
      • hjksfcj.exe (PID: 7748)
      • DistriCompiler89.exe (PID: 3888)
      • DistriCompiler89.exe (PID: 7884)
      • DistriCompiler89.exe (PID: 4736)
      • VirtuServer128.exe (PID: 5556)
      • MicrosoftEdgeWebview2Setup.exe (PID: 9124)

    • Starts itself from another location

      • DistriCompiler89.exe (PID: 3888)

    • Potential Corporate Privacy Violation

      • setup.exe (PID: 7252)

    • There is functionality for taking screenshot (YARA)

      • hjksfqo.exe (PID: 4000)
      • DistriCompiler89.exe (PID: 4736)

    • Drops 7-zip archiver for unpacking

      • DistriCompiler89.exe (PID: 7884)

    • Connects to unusual port

      • VirtuServer128.exe (PID: 5556)

    • Process drops legitimate windows executable

      • VirtuServer128.exe (PID: 5556)
      • MicrosoftEdgeWebview2Setup.exe (PID: 9124)
      • MicrosoftEdgeUpdate.exe (PID: 7896)

    • Starts process via Powershell

      • powershell.exe (PID: 8128)

    • Starts POWERSHELL.EXE for commands execution

      • VirtuServer128.exe (PID: 5556)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 7896)

  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 8412)
      • setup.exe (PID: 7252)
      • elevation_service.exe (PID: 8584)
      • hjksfcj.exe (PID: 7748)

    • Reads Environment values

      • identity_helper.exe (PID: 8412)

    • Reads the software policy settings

      • slui.exe (PID: 7836)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 7288)

    • Reads the computer name

      • identity_helper.exe (PID: 8412)
      • setup.exe (PID: 7252)
      • elevation_service.exe (PID: 8584)

    • Application launched itself

      • msedge.exe (PID: 7288)

    • Compiled with Borland Delphi (YARA)

      • setup.exe (PID: 7252)
      • hjksfqo.exe (PID: 4000)

    • Detects InnoSetup installer (YARA)

      • setup.exe (PID: 7252)

    • Executes as Windows Service

      • elevation_service.exe (PID: 8584)

    • Reads the machine GUID from the registry

      • setup.exe (PID: 7252)

    • The sample compiled with english language support

      • DistriCompiler89.exe (PID: 7884)
      • DistriCompiler89.exe (PID: 4736)
      • VirtuServer128.exe (PID: 5556)
      • MicrosoftEdgeWebview2Setup.exe (PID: 9124)
      • MicrosoftEdgeUpdate.exe (PID: 7896)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
234
Monitored processes
96
Malicious processes
11
Suspicious processes
3

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs msedge.exe no specs winrar.exe no specs msedge.exe no specs setup.exe msedge.exe no specs chrome.exe no specs msedge.exe no specs elevation_service.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs hjksfcj.exe districompiler89.exe districompiler89.exe hjksfqo.exe no specs 7za.exe no specs conhost.exe no specs CMSTPLUA districompiler89.exe virtuserver128.exe 7za.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe wermgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
516"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\𝒟𝑜𝓌𝓃𝓁𝑜@𝒶𝒹_𝒮𝑒𝓉3𝓊𝓅+𝐹𝒾𝓁𝑒-𝒫𝓈𝓈𝓌𝑜𝓇𝒹_1122_$#!.tar"C:\Program Files\WinRAR\WinRAR.exemsedge.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1040"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8280 --field-trial-handle=2416,i,15483812411477110149,9803955631274070169,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1052"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6312 --field-trial-handle=2416,i,15483812411477110149,9803955631274070169,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1116"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5744 --field-trial-handle=2416,i,15483812411477110149,9803955631274070169,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1128"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=1324 --field-trial-handle=2416,i,15483812411477110149,9803955631274070169,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1164"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIb5756.16129\SETUP.zipC:\Program Files\WinRAR\WinRAR.exeWinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1228"C:\ProgramData\Iaclientv2\7za.exe" "C:\ProgramData\Iaclientv2\7za.exe" a -t7z "C:\Users\admin\AppData\Roaming\app.7z" C:C:\ProgramData\Iaclientv2\7za.exeDistriCompiler89.exe
User:
admin
Company:
Igor Pavlov
Integrity Level:
MEDIUM
Description:
7-Zip Standalone Console
Exit code:
0
Version:
18.05
Modules
Images
c:\windows\system32\input.dll
c:\programdata\iaclientv2\7za.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1628"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7712 --field-trial-handle=2416,i,15483812411477110149,9803955631274070169,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1748"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8184 --field-trial-handle=2416,i,15483812411477110149,9803955631274070169,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2136"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4340 --field-trial-handle=2416,i,15483812411477110149,9803955631274070169,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
22 433
Read events
22 283
Write events
130
Delete events
20

Modification events

(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(7288) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
1BA95FEB01942F00
(PID) Process:(7288) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
2E7D68EB01942F00
(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328340
Operation:writeName:WindowTabManagerFileMappingId
Value:
{C2112AD2-EDDA-4733-822E-049C6C7E7AE0}
(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328340
Operation:writeName:WindowTabManagerFileMappingId
Value:
{DB8DF83E-61D8-41B1-B4D8-8A256153B400}
(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328340
Operation:writeName:WindowTabManagerFileMappingId
Value:
{F5283E4E-B540-42E7-8600-9568CDE6A2B3}
(PID) Process:(7288) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328340
Operation:writeName:WindowTabManagerFileMappingId
Value:
{900D5C19-4F45-4715-B13B-B192ED2970D8}
Executable files
230
Suspicious files
465
Text files
79
Unknown types
0

Dropped files

PID
Process
Filename
Type
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b40f.TMP
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b40f.TMP
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b41f.TMP
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b41f.TMP
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b41f.TMP
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
7288msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
256
DNS requests
234
Threats
55

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
8632
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7204
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1747771145&P2=404&P3=2&P4=RKkNzrEEDFofd1fvW0dhMcfcyEvQR0g3QwzSmMCZ%2f1pNCB8Rby1JMOlEUqdkJK1GLbMTtMLTlPRZSrmCLFTzXA%3d%3d
unknown
whitelisted
8632
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7204
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1747771145&P2=404&P3=2&P4=RKkNzrEEDFofd1fvW0dhMcfcyEvQR0g3QwzSmMCZ%2f1pNCB8Rby1JMOlEUqdkJK1GLbMTtMLTlPRZSrmCLFTzXA%3d%3d
unknown
whitelisted
7204
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1747771144&P2=404&P3=2&P4=eG%2bGNMVThQ5aji2dM9KB%2ft1kmf6ba9wbIrEvMXaYNJb7sJMrCdeygeAYFDFU4SZMw8z7Dp7peULdWWVwIbLA8A%3d%3d
unknown
whitelisted
7204
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1747771144&P2=404&P3=2&P4=eG%2bGNMVThQ5aji2dM9KB%2ft1kmf6ba9wbIrEvMXaYNJb7sJMrCdeygeAYFDFU4SZMw8z7Dp7peULdWWVwIbLA8A%3d%3d
unknown
whitelisted
7204
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a575cead-e662-4f4d-b0c3-81f1438d0388?P1=1747771145&P2=404&P3=2&P4=TsFoV42e4qWgza8YbA1HGoRppVy%2fAaAJ79VshtA8kMaoZpdfjJ7mmXBZ0nn8a5W48U8UVClL8fuWhoNE%2bdclzw%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7616
msedge.exe
104.18.1.75:443
integrate.linkvertise.com
whitelisted
7288
msedge.exe
239.255.255.250:1900
whitelisted
7616
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
pastelink.net
  • 88.208.215.108
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
www.bing.com
  • 104.126.37.155
  • 104.126.37.163
  • 104.126.37.139
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.136
  • 104.126.37.131
  • 104.126.37.162
  • 104.126.37.144
  • 2.16.241.205
  • 2.16.241.201
  • 2.16.241.218
  • 2.16.241.222
  • 2.23.227.215
  • 2.23.227.208
whitelisted

Threats

PID
Process
Class
Message
7616
msedge.exe
Misc activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pastelink .net)
7616
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7616
msedge.exe
Misc activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pastelink .net)
7616
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7616
msedge.exe
Misc activity
ET INFO Observed Pastebin-like Service Domain (pastelink .net) in TLS SNI
7616
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7616
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7616
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7616
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7616
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://pastelink.net/0rh41yaf