URL:

https://track.sl.matawalle.com/lt/?p=/.eg./exs/kkr/rs/n8l/1g942j//aHR0cHMlM0ElMkYlMkZwYXBlcmRyb3BzaGFyZWRvYy5kZSUyRkF1dGhvcml6YXRpb24lMkY=/NTIxYWU4ZWUyYmYzYjVmOTNlNmU3YTYwYmFmNDI4OGQ3MDNkMWJmNDU5NjMyMDVlNGVjMDExMDg2OTgzOTRjNQ==

Full analysis: https://app.any.run/tasks/cd78aad8-63a9-411c-80bd-3befba82913f
Verdict: Malicious activity
Analysis date: October 03, 2025, 17:20:43
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
telegram
anti-evasion
logmeinrescue
rmm-tool
arch-exec
github
arch-doc
Indicators:
MD5:

4D5F225FA2EE11E4FF103073984B2B85

SHA1:

C8CB6F1B1FEEFD5E72205B589F3031D335DF5C4C

SHA256:

F8FD324DB48B5AE6849A1E248EDD136A95CC84D767D57A0D1255C1B5D01FE02D

SSDEEP:

3:N8fv5E3k5RK1C+AdWzLWbfyU0hP9J06XOyhkc1ThT897J7sySIvIKmwWgEB2mlbb:2n6ky1C+AUnfzpkc1pCsySIvIhPJcNxC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes settings of System certificates

      • GoToResolveUnattended.exe (PID: 6380)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • Contract_Authorization.exe (PID: 2504)
    • Executable content was dropped or overwritten

      • Contract_Authorization.exe (PID: 2504)
      • GoToResolveTools64.exe (PID: 3420)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveExternalModuleHandler.exe (PID: 8372)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • pwsh.exe (PID: 9356)
    • Executing commands from ".cmd" file

      • Contract_Authorization.exe (PID: 2504)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 8736)
    • Reads security settings of Internet Explorer

      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveProcessChecker.exe (PID: 796)
      • GoToResolveUnattendedUi.exe (PID: 9316)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveUnattendedUi.exe (PID: 9836)
      • DismHost.exe (PID: 10128)
    • Executes as Windows Service

      • GoToResolveProcessChecker.exe (PID: 2656)
      • GoToResolveProcessChecker.exe (PID: 10924)
      • WmiApSrv.exe (PID: 7196)
    • The process checks if it is being run in the virtual environment

      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveQuickView.exe (PID: 11200)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
    • Reads the BIOS version

      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveQuickView.exe (PID: 11200)
      • GoToResolveUnattended.exe (PID: 11016)
    • Adds/modifies Windows certificates

      • GoToResolveUnattended.exe (PID: 6380)
    • LOGMEINRESCUE mutex has been found

      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveUnattended.exe (PID: 11016)
    • Creates/Modifies COM task schedule object

      • GoToResolveUnattended.exe (PID: 6380)
    • Creates files in the driver directory

      • GoToResolveTools64.exe (PID: 10460)
    • Process drops legitimate windows executable

      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • pwsh.exe (PID: 9356)
    • The process creates files with name similar to system file names

      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • pwsh.exe (PID: 9356)
    • Searches for installed software

      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
    • The process verifies whether the antivirus software is installed

      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
    • Detected use of alternative data streams (AltDS)

      • pwsh.exe (PID: 9356)
    • Starts a Microsoft application from unusual location

      • DismHost.exe (PID: 10128)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 4448)
      • firefox.exe (PID: 1688)
      • firefox.exe (PID: 9156)
    • Checks supported languages

      • identity_helper.exe (PID: 8980)
      • identity_helper.exe (PID: 8740)
      • identity_helper.exe (PID: 6388)
      • GoToResolveTools64.exe (PID: 3420)
      • GoToResolveUnattended.exe (PID: 2868)
      • Contract_Authorization.exe (PID: 2504)
      • drvinst.exe (PID: 8336)
      • GoToResolveCrashHandler.exe (PID: 8756)
      • GoToResolveProcessChecker.exe (PID: 796)
      • GoToResolveProcessChecker.exe (PID: 2656)
      • GoToResolveCrashHandler.exe (PID: 7112)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveLoggerProcess.exe (PID: 8000)
      • GoToResolveCrashHandler.exe (PID: 3260)
      • GoToResolveExternalModuleHandler.exe (PID: 8372)
      • GoToResolveFileManager.exe (PID: 8792)
      • GoToResolveTerminal.exe (PID: 8628)
      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveServiceManager.exe (PID: 8636)
      • GoToResolveNetworkChecker.exe (PID: 8548)
      • GoToResolveRemoteControl.exe (PID: 2004)
      • GoToResolveRegistryEditor.exe (PID: 8920)
      • GoToResolveCrashHandler.exe (PID: 7908)
      • GoToResolveCrashHandler.exe (PID: 9256)
      • GoToResolveUnattendedUi.exe (PID: 9316)
      • GoToResolveCrashHandler.exe (PID: 9348)
      • GoToResolveCrashHandler.exe (PID: 9476)
      • GoToResolveCrashHandler.exe (PID: 9500)
      • GoToResolveCrashHandler.exe (PID: 9652)
      • GoToResolveCrashHandler.exe (PID: 9600)
      • GoToResolveCrashHandler.exe (PID: 9756)
      • GoToResolveCrashHandler.exe (PID: 9804)
      • GoToResolveCrashHandler.exe (PID: 9432)
      • Contract_Authorization.exe (PID: 10140)
      • GoToResolveRegistryEditor.exe (PID: 10648)
      • GoToResolveTools64.exe (PID: 10460)
      • GoToResolveCrashHandler.exe (PID: 10480)
      • GoToResolveCrashHandler.exe (PID: 10736)
      • GoToResolveProcessChecker.exe (PID: 10924)
      • GoToResolveCrashHandler.exe (PID: 10980)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveCrashHandler.exe (PID: 11080)
      • GoToResolveLoggerProcess.exe (PID: 11060)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • GoToResolveFileManager.exe (PID: 11180)
      • GoToResolveQuickView.exe (PID: 11200)
      • GoToResolveTerminal.exe (PID: 11220)
      • GoToResolveRemoteControl.exe (PID: 10360)
      • GoToResolveRegistryEditor.exe (PID: 10316)
      • GoToResolveServiceManager.exe (PID: 11248)
      • GoToResolveNetworkChecker.exe (PID: 10340)
      • GoToResolveCrashHandler.exe (PID: 9964)
      • GoToResolveCrashHandler.exe (PID: 10504)
      • GoToResolveCrashHandler.exe (PID: 9232)
      • GoToResolveCrashHandler.exe (PID: 9572)
      • GoToResolveUnattendedUi.exe (PID: 9836)
      • GoToResolveCrashHandler.exe (PID: 10020)
      • GoToResolveCrashHandler.exe (PID: 9580)
      • GoToResolveCrashHandler.exe (PID: 9812)
      • GoToResolveCrashHandler.exe (PID: 9620)
      • GoTo.Resolve.Bcdr.App.exe (PID: 10716)
      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
      • RemoteExecution.Runner.exe (PID: 8488)
      • GoToResolveCrashHandler.exe (PID: 9284)
      • GoToResolveCrashHandler.exe (PID: 10600)
      • GoTo.Resolve.PatchManagement.Client.exe (PID: 6296)
      • pwsh.exe (PID: 10620)
      • pwsh.exe (PID: 9356)
      • wa_3rd_party_host_32.exe (PID: 1848)
      • DismHost.exe (PID: 10128)
      • winget.exe (PID: 8360)
      • winget.exe (PID: 11980)
    • Attempting to use instant messaging service

      • msedge.exe (PID: 5096)
    • Reads Environment values

      • identity_helper.exe (PID: 8980)
      • identity_helper.exe (PID: 8740)
      • identity_helper.exe (PID: 6388)
      • GoToResolveTools64.exe (PID: 3420)
      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveExternalModuleHandler.exe (PID: 8372)
      • GoToResolveRemoteControl.exe (PID: 2004)
      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveTools64.exe (PID: 10460)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • GoToResolveQuickView.exe (PID: 11200)
      • GoToResolveRemoteControl.exe (PID: 10360)
      • DismHost.exe (PID: 10128)
    • Reads the computer name

      • identity_helper.exe (PID: 8980)
      • identity_helper.exe (PID: 8740)
      • identity_helper.exe (PID: 6388)
      • Contract_Authorization.exe (PID: 2504)
      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveTools64.exe (PID: 3420)
      • drvinst.exe (PID: 8336)
      • GoToResolveProcessChecker.exe (PID: 796)
      • GoToResolveProcessChecker.exe (PID: 2656)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveExternalModuleHandler.exe (PID: 8372)
      • GoToResolveLoggerProcess.exe (PID: 8000)
      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveFileManager.exe (PID: 8792)
      • GoToResolveTerminal.exe (PID: 8628)
      • GoToResolveServiceManager.exe (PID: 8636)
      • GoToResolveRemoteControl.exe (PID: 2004)
      • GoToResolveRegistryEditor.exe (PID: 8920)
      • GoToResolveNetworkChecker.exe (PID: 8548)
      • GoToResolveUnattendedUi.exe (PID: 9316)
      • Contract_Authorization.exe (PID: 10140)
      • GoToResolveTools64.exe (PID: 10460)
      • GoToResolveRegistryEditor.exe (PID: 10648)
      • GoToResolveProcessChecker.exe (PID: 10924)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveLoggerProcess.exe (PID: 11060)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • GoToResolveQuickView.exe (PID: 11200)
      • GoToResolveRemoteControl.exe (PID: 10360)
      • GoToResolveServiceManager.exe (PID: 11248)
      • GoToResolveRegistryEditor.exe (PID: 10316)
      • GoToResolveNetworkChecker.exe (PID: 10340)
      • GoToResolveFileManager.exe (PID: 11180)
      • GoToResolveTerminal.exe (PID: 11220)
      • GoToResolveUnattendedUi.exe (PID: 9836)
      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
      • RemoteExecution.Runner.exe (PID: 8488)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
      • GoTo.Resolve.Bcdr.App.exe (PID: 10716)
      • GoTo.Resolve.PatchManagement.Client.exe (PID: 6296)
      • wa_3rd_party_host_32.exe (PID: 1848)
      • pwsh.exe (PID: 10620)
      • pwsh.exe (PID: 9356)
      • DismHost.exe (PID: 10128)
      • winget.exe (PID: 11980)
      • winget.exe (PID: 8360)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 4448)
    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 1260)
      • BackgroundTransferHost.exe (PID: 9040)
      • BackgroundTransferHost.exe (PID: 4460)
      • BackgroundTransferHost.exe (PID: 2756)
      • BackgroundTransferHost.exe (PID: 8312)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4448)
    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 9040)
      • GoToResolveUnattended.exe (PID: 2868)
      • slui.exe (PID: 9660)
    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 9040)
      • drvinst.exe (PID: 8336)
      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveProcessChecker.exe (PID: 796)
      • GoToResolveProcessChecker.exe (PID: 2656)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveLoggerProcess.exe (PID: 8000)
      • GoToResolveTerminal.exe (PID: 8628)
      • GoToResolveExternalModuleHandler.exe (PID: 8372)
      • GoToResolveFileManager.exe (PID: 8792)
      • GoToResolveNetworkChecker.exe (PID: 8548)
      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveServiceManager.exe (PID: 8636)
      • GoToResolveRegistryEditor.exe (PID: 8920)
      • GoToResolveRemoteControl.exe (PID: 2004)
      • GoToResolveUnattendedUi.exe (PID: 9316)
      • GoToResolveRegistryEditor.exe (PID: 10648)
      • GoToResolveProcessChecker.exe (PID: 10924)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveLoggerProcess.exe (PID: 11060)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • GoToResolveTerminal.exe (PID: 11220)
      • GoToResolveServiceManager.exe (PID: 11248)
      • GoToResolveNetworkChecker.exe (PID: 10340)
      • GoToResolveFileManager.exe (PID: 11180)
      • GoToResolveUnattendedUi.exe (PID: 9836)
      • GoToResolveRemoteControl.exe (PID: 10360)
      • GoToResolveRegistryEditor.exe (PID: 10316)
      • GoToResolveQuickView.exe (PID: 11200)
      • RemoteExecution.Runner.exe (PID: 8488)
      • GoTo.Resolve.Bcdr.App.exe (PID: 10716)
      • GoTo.Resolve.PatchManagement.Client.exe (PID: 6296)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 9040)
      • Contract_Authorization.exe (PID: 2504)
      • GoToResolveUnattended.exe (PID: 2868)
      • Contract_Authorization.exe (PID: 10140)
    • Creates files in the program directory

      • Contract_Authorization.exe (PID: 2504)
      • GoToResolveTools64.exe (PID: 3420)
      • GoToResolveCrashHandler.exe (PID: 8756)
      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveProcessChecker.exe (PID: 796)
      • GoToResolveProcessChecker.exe (PID: 2656)
      • GoToResolveCrashHandler.exe (PID: 7112)
      • GoToResolveCrashHandler.exe (PID: 3260)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveLoggerProcess.exe (PID: 8000)
      • GoToResolveCrashHandler.exe (PID: 7908)
      • GoToResolveExternalModuleHandler.exe (PID: 8372)
      • GoToResolveCrashHandler.exe (PID: 9256)
      • GoToResolveCrashHandler.exe (PID: 9348)
      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveCrashHandler.exe (PID: 9432)
      • GoToResolveServiceManager.exe (PID: 8636)
      • GoToResolveRemoteControl.exe (PID: 2004)
      • GoToResolveFileManager.exe (PID: 8792)
      • GoToResolveTerminal.exe (PID: 8628)
      • GoToResolveCrashHandler.exe (PID: 9476)
      • GoToResolveRegistryEditor.exe (PID: 8920)
      • GoToResolveCrashHandler.exe (PID: 9500)
      • GoToResolveCrashHandler.exe (PID: 9756)
      • GoToResolveNetworkChecker.exe (PID: 8548)
      • GoToResolveCrashHandler.exe (PID: 9652)
      • GoToResolveCrashHandler.exe (PID: 9600)
      • GoToResolveUnattendedUi.exe (PID: 9316)
      • GoToResolveCrashHandler.exe (PID: 9804)
      • Contract_Authorization.exe (PID: 10140)
      • GoToResolveRegistryEditor.exe (PID: 10648)
      • GoToResolveProcessChecker.exe (PID: 10924)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveLoggerProcess.exe (PID: 11060)
      • GoToResolveFileManager.exe (PID: 11180)
      • GoToResolveTerminal.exe (PID: 11220)
      • GoToResolveRegistryEditor.exe (PID: 10316)
      • GoToResolveServiceManager.exe (PID: 11248)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • GoTo.Resolve.Bcdr.App.exe (PID: 10716)
      • RemoteExecution.Runner.exe (PID: 8488)
      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
      • GoTo.Resolve.PatchManagement.Client.exe (PID: 6296)
    • Creates a software uninstall entry

      • Contract_Authorization.exe (PID: 2504)
      • GoToResolveProcessChecker.exe (PID: 796)
      • GoToResolveProcessChecker.exe (PID: 2656)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveProcessChecker.exe (PID: 10924)
    • The sample compiled with english language support

      • Contract_Authorization.exe (PID: 2504)
      • GoToResolveTools64.exe (PID: 3420)
      • drvinst.exe (PID: 8336)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • pwsh.exe (PID: 9356)
    • Reads CPU info

      • GoToResolveTools64.exe (PID: 3420)
      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveRemoteControl.exe (PID: 2004)
      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveTools64.exe (PID: 10460)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveRemoteControl.exe (PID: 10360)
      • GoToResolveQuickView.exe (PID: 11200)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
    • Create files in a temporary directory

      • GoToResolveTools64.exe (PID: 3420)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 8336)
      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveProcessChecker.exe (PID: 796)
      • GoToResolveProcessChecker.exe (PID: 2656)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveLoggerProcess.exe (PID: 8000)
      • GoToResolveRemoteControl.exe (PID: 2004)
      • GoToResolveNetworkChecker.exe (PID: 8548)
      • GoToResolveRegistryEditor.exe (PID: 8920)
      • GoToResolveExternalModuleHandler.exe (PID: 8372)
      • GoToResolveFileManager.exe (PID: 8792)
      • GoToResolveServiceManager.exe (PID: 8636)
      • GoToResolveQuickView.exe (PID: 8756)
      • GoToResolveUnattendedUi.exe (PID: 9316)
      • GoToResolveTerminal.exe (PID: 8628)
      • GoToResolveRegistryEditor.exe (PID: 10648)
      • GoToResolveProcessChecker.exe (PID: 10924)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoToResolveLoggerProcess.exe (PID: 11060)
      • GoToResolveFileManager.exe (PID: 11180)
      • GoToResolveTerminal.exe (PID: 11220)
      • GoToResolveServiceManager.exe (PID: 11248)
      • GoToResolveRemoteControl.exe (PID: 10360)
      • GoToResolveExternalModuleHandler.exe (PID: 11148)
      • GoToResolveQuickView.exe (PID: 11200)
      • GoToResolveRegistryEditor.exe (PID: 10316)
      • GoToResolveNetworkChecker.exe (PID: 10340)
      • GoToResolveUnattendedUi.exe (PID: 9836)
      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
      • wa_3rd_party_host_32.exe (PID: 1848)
      • DismHost.exe (PID: 10128)
    • Process checks computer location settings

      • GoToResolveUnattended.exe (PID: 2868)
      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
      • RemoteExecution.Runner.exe (PID: 8488)
      • GoTo.Resolve.Bcdr.App.exe (PID: 10716)
      • GoTo.Resolve.Antivirus.App.exe (PID: 8620)
      • GoTo.Resolve.PatchManagement.Client.exe (PID: 6296)
      • pwsh.exe (PID: 10620)
      • pwsh.exe (PID: 9356)
    • Manual execution by a user

      • cmd.exe (PID: 8244)
      • Contract_Authorization.exe (PID: 10092)
      • Contract_Authorization.exe (PID: 10140)
      • firefox.exe (PID: 9156)
      • WinRAR.exe (PID: 11628)
      • notepad.exe (PID: 8980)
    • Reads the time zone

      • GoToResolveUnattended.exe (PID: 6380)
      • GoToResolveUnattended.exe (PID: 11016)
      • GoTo.Resolve.Alerts.Monitor.App.exe (PID: 10676)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 1688)
      • OpenWith.exe (PID: 11408)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
344
Monitored processes
156
Malicious processes
3
Suspicious processes
4

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs contract_authorization.exe no specs contract_authorization.exe gotoresolveunattended.exe gotoresolvetools64.exe cmd.exe no specs conhost.exe no specs gotoresolvecrashhandler.exe no specs timeout.exe no specs drvinst.exe no specs gotoresolveprocesschecker.exe gotoresolveprocesschecker.exe gotoresolvecrashhandler.exe no specs gotoresolveunattended.exe timeout.exe no specs gotoresolveloggerprocess.exe gotoresolvecrashhandler.exe no specs gotoresolveexternalmodulehandler.exe gotoresolvefilemanager.exe gotoresolvequickview.exe gotoresolveterminal.exe gotoresolveservicemanager.exe gotoresolveremotecontrol.exe cmd.exe no specs gotoresolveregistryeditor.exe conhost.exe no specs tiworker.exe no specs gotoresolvenetworkchecker.exe gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolveunattendedui.exe gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs slui.exe gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs contract_authorization.exe no specs 
contract_authorization.exe msedge.exe no specs msedge.exe no specs gotoresolvetools64.exe no specs gotoresolvecrashhandler.exe no specs gotoresolveregistryeditor.exe gotoresolvecrashhandler.exe no specs msedge.exe no specs gotoresolveprocesschecker.exe gotoresolvecrashhandler.exe no specs gotoresolveunattended.exe gotoresolveloggerprocess.exe gotoresolvecrashhandler.exe no specs gotoresolveexternalmodulehandler.exe gotoresolvefilemanager.exe gotoresolvequickview.exe gotoresolveterminal.exe gotoresolveservicemanager.exe gotoresolveremotecontrol.exe gotoresolveregistryeditor.exe gotoresolvenetworkchecker.exe gotoresolveunattendedui.exe gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs gotoresolvecrashhandler.exe no specs msedge.exe no specs msedge.exe no specs goto.resolve.antivirus.app.exe remoteexecution.runner.exe conhost.exe no specs conhost.exe no specs goto.resolve.bcdr.app.exe goto.resolve.alerts.monitor.app.exe conhost.exe no specs conhost.exe no specs goto.resolve.patchmanagement.client.exe conhost.exe no specs wmiapsrv.exe no specs where.exe no specs where.exe no specs unsecapp.exe no specs wa_3rd_party_host_32.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs openwith.exe no specs pwsh.exe no specs pwsh.exe msedge.exe no specs dismhost.exe notepad.exe no specs where.exe no specs winget.exe no specs winget.exe no specs msedge.exe no specs 
updater.exe no specs updater.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 708
CMD: C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
Path: C:\Windows\System32\wbem\unsecapp.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Sink to receive asynchronous callbacks for WMI client application
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 764
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 2024 -prefsLen 36580 -prefMapHandle 2028 -prefMapSize 273045 -ipcHandle 2084 -initialChannelId {687f5ce6-dbfb-41c5-963b-cac5c95d69f6} -parentPid 1688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1688" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
PID: 796
CMD: "C:\Program Files (x86)\GoTo Resolve Unattended\5009068662747748114\GoToResolveProcessChecker.exe" -regsvc -expectadmin -starterpid 2868 -InstallationId 5IfKqIAtgP -WorkFolder "C:\Program Files (x86)\GoTo Resolve Unattended\5009068662747748114" -ApplicationType 4 -Environment "Production" -ForceInstall 0
Path: C:\Program Files (x86)\GoTo Resolve Unattended\5009068662747748114\GoToResolveProcessChecker.exe
Parent process: GoToResolveUnattended.exe
User:
admin
Company:
GoTo, Inc.
Integrity Level:
HIGH
Description:
LogMeIn Resolve
Exit code:
0
Version:
1.27.1.2832
Modules
Images
c:\program files (x86)\goto resolve unattended\5009068662747748114\gotoresolveprocesschecker.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1260
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1524
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7108,i,10513912410581807037,11927432383997901857,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1688
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1848
CMD: --pid=8620
Path: C:\Program Files (x86)\GoTo Resolve Unattended\5009068662747748114\externalmodules\AntivirusModule\1.2025.1001.04\wa_3rd_party_host_32.exe
Parent process: GoTo.Resolve.Antivirus.App.exe
User:
SYSTEM
Company:
OPSWAT, Inc.
Integrity Level:
SYSTEM
Description:
MDES SDK V4 3rd Party Host
Exit code:
0
Version:
2025.9.23.746
Modules
Images
c:\program files (x86)\goto resolve unattended\5009068662747748114\externalmodules\antivirusmodule\1.2025.1001.04\wa_3rd_party_host_32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2004
CMD: GoToResolveRemoteControl.exe -CompanyId 5009068662747748114 -InstallationId 5IfKqIAtgP -WorkFolder "C:\Program Files (x86)\GoTo Resolve Unattended\5009068662747748114" -Environment Production -ApplicationType 4 -LogLevel 2 -Service 1
Path: C:\Program Files (x86)\GoTo Resolve Unattended\5009068662747748114\GoToResolveRemoteControl.exe
Parent process: GoToResolveUnattended.exe
User:
SYSTEM
Company:
GoTo, Inc.
Integrity Level:
SYSTEM
Description:
LogMeIn Resolve
Exit code:
0
Version:
1.27.1.2832
Modules
Images
c:\program files (x86)\goto resolve unattended\5009068662747748114\gotoresolveremotecontrol.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\msvcp_win.dll
PID: 2260
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3588,i,10513912410581807037,11927432383997901857,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2504
CMD: "C:\Users\admin\Downloads\Contract_Authorization.exe"
Path: C:\Users\admin\Downloads\Contract_Authorization.exe
Parent process: msedge.exe
User:
admin
Company:
GoTo, Inc.
Integrity Level:
HIGH
Description:
LogMeIn Resolve
Exit code:
0
Version:
1.27.1.2832
Modules
Images
c:\users\admin\downloads\contract_authorization.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
Total events
175 945
Read events
175 829
Write events
81
Delete events
35

Modification events

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (4448) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: F2D6259BDA9E2F00

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328142
Operation: write
Name: WindowTabManagerFileMappingId
Value: {68A396E3-BEAC-41BE-A495-C6FB3F24F564}

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328142
Operation: write
Name: WindowTabManagerFileMappingId
Value: {8AD44477-D8B6-4A03-B5E9-3982DF189EFA}

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328142
Operation: write
Name: WindowTabManagerFileMappingId
Value: {E3812E19-4F59-4661-B922-F08111030A4F}

(PID) Process: (4448) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: FC2B549BDA9E2F00

(PID) Process: (4448) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Operation: write
Name: Enabled
Value: 0
Executable files
768
Suspicious files
874
Text files
170
Unknown types
0

Dropped files

PID    Process      Filename
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF17102c.TMP
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF17102c.TMP
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF17103c.TMP
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF17102c.TMP
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF17104c.TMP
4448   msedge.exe   C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
HTTP(S) requests
47
TCP/UDP connections
241
DNS requests
205
Threats
119

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6180
svchost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
DE
binary
471 b
whitelisted
8428
backgroundTaskHost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
DE
binary
313 b
whitelisted
8456
backgroundTaskHost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
DE
binary
471 b
whitelisted
2656
GoToResolveProcessChecker.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA4Mh2e7LU%2FvwtYX3xHOG4k%3D
US
binary
727 b
whitelisted
2656
GoToResolveProcessChecker.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRbuhDibVrw1t5r3WYz1C9Jl6I%2FtwQU729TSunkBnx6yuKQVvYv1Ensy04CEAqA7xhLjfEFgtHEdqeVdGg%3D
US
binary
727 b
whitelisted
2868
GoToResolveUnattended.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA4Mh2e7LU%2FvwtYX3xHOG4k%3D
US
binary
727 b
whitelisted
8296
backgroundTaskHost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
DE
binary
471 b
whitelisted
9040
BackgroundTransferHost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
DE
binary
313 b
whitelisted
2868
GoToResolveUnattended.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRbuhDibVrw1t5r3WYz1C9Jl6I%2FtwQU729TSunkBnx6yuKQVvYv1Ensy04CEAqA7xhLjfEFgtHEdqeVdGg%3D
US
binary
727 b
whitelisted
10120
svchost.exe
GET
206
184.86.251.196:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ddbf4492-d475-4fe4-bcde-6cbac56f6034?P1=1759799329&P2=404&P3=2&P4=GB4RmxQXkGuzWBTjQsXbqkBDhSuuhw4b8GJhCCx0%2fPWKt7vbgtBfB4Nzx1qJy2evvYMIcn0zXvD%2fHPEAGaJjUw%3d%3d
DE
binary
41 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
8088
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
6016
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5096
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5096
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5096
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5096
msedge.exe
104.84.152.34:443
copilot.microsoft.com
Akamai International B.V.
SE
whitelisted
5096
msedge.exe
34.122.158.70:443
track.sl.matawalle.com
GOOGLE-CLOUD-PLATFORM
US
unknown
4
System
192.168.100.255:138
whitelisted
5096
msedge.exe
188.114.97.3:443
paperdropsharedoc.de
CLOUDFLARENET
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.238
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
track.sl.matawalle.com
  • 34.122.158.70
unknown
copilot.microsoft.com
  • 104.84.152.34
  • 95.101.142.195
whitelisted
paperdropsharedoc.de
  • 188.114.97.3
  • 188.114.96.3
unknown
www.bing.com
whitelisted
api.ipify.org
  • 172.67.74.152
  • 104.26.12.205
  • 104.26.13.205
whitelisted
ipapi.co
  • 104.26.8.44
  • 172.67.69.226
  • 104.26.9.44
shared

Threats

PID
Process
Class
Message
5096
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
5096
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (ipapi .co in DNS lookup)
5096
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
5096
msedge.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
5096
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (ipapi .co in DNS lookup)
5096
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
5096
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
5096
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Possible sending an external IP address to Telegram
5096
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Possible sending an external IP address to Telegram
5096
msedge.exe
Misc activity
ET HUNTING Telegram API Domain in DNS Lookup

Debug output strings

Process
Message
GoToResolveUnattended.exe
DllMain: DLL_PROCESS_ATTACH: lpReserved=0
GoToResolveUnattended.exe
DllMain: DLL_THREAD_ATTACH
GoToResolveUnattended.exe
DllMain: DLL_THREAD_ATTACH
GoToResolveUnattended.exe
DllMain: DLL_THREAD_ATTACH
GoToResolveUnattended.exe
DllMain: DLL_THREAD_ATTACH
GoToResolveUnattended.exe
DllMain: DLL_THREAD_ATTACH
GoToResolveUnattended.exe
DllMain: DLL_THREAD_DETACH
GoToResolveProcessChecker.exe
DllMain: DLL_PROCESS_ATTACH: lpReserved=0
GoToResolveProcessChecker.exe
DllMain: DLL_PROCESS_ATTACH: lpReserved=0
GoToResolveProcessChecker.exe
DllMain: DLL_THREAD_ATTACH