URL:

https://openew.app

Full analysis: https://app.any.run/tasks/cab01972-a5e1-4b7f-a6ff-052822933b81
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 28, 2026, 11:00:20
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
Indicators:
MD5:

7E416ED26F1C6CBFC4C921CFDA98EC67

SHA1:

FC5C3920C3FED29789966F57D665C40C68685ACB

SHA256:

FB65F2B6FA1741C034901CA40CCC411228332E6623BDB44CA7784DEBB64D3709

SSDEEP:

3:N8cuAxn:2cugn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes powershell execution policy (Unrestricted)

      • App.exe (PID: 7652)
      • App.exe (PID: 2336)

  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • Chat_GPT.tmp (PID: 7612)
      • Chat_GPT.tmp (PID: 8424)
      • Chat_GPT.tmp (PID: 3168)
      • Chat_GPT.tmp (PID: 1604)

    • Executable content was dropped or overwritten

      • Chat_GPT.tmp (PID: 7612)
      • Chat_GPT.exe (PID: 5624)
      • Chat_GPT.exe (PID: 4832)
      • Chat_GPT.tmp (PID: 8424)
      • Chat_GPT.exe (PID: 3076)
      • Chat_GPT.tmp (PID: 3168)
      • Chat_GPT.exe (PID: 7684)
      • Chat_GPT.tmp (PID: 1604)

    • Starts POWERSHELL.EXE for commands execution

      • App.exe (PID: 7652)
      • App.exe (PID: 2336)

    • Starts application with an unusual extension

      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 2876)

    • The process bypasses the loading of PowerShell profile settings

      • App.exe (PID: 7652)
      • App.exe (PID: 2336)

    • The process hides Powershell's copyright startup banner

      • App.exe (PID: 7652)
      • App.exe (PID: 2336)

    • Application launched itself

      • App.exe (PID: 7652)
      • App.exe (PID: 2336)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 1284)
      • cmd.exe (PID: 7580)
      • cmd.exe (PID: 2220)
      • cmd.exe (PID: 2876)
      • cmd.exe (PID: 3164)
      • cmd.exe (PID: 2876)
      • cmd.exe (PID: 4640)

    • Starts CMD.EXE with AutoRun commands disabled

      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 1284)
      • cmd.exe (PID: 2220)
      • cmd.exe (PID: 7580)
      • cmd.exe (PID: 2876)
      • cmd.exe (PID: 3164)
      • cmd.exe (PID: 2876)
      • cmd.exe (PID: 4640)

    • Starts CMD.EXE with special quote handling

      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 1284)
      • cmd.exe (PID: 2220)
      • cmd.exe (PID: 7580)
      • cmd.exe (PID: 2876)
      • cmd.exe (PID: 3164)
      • cmd.exe (PID: 2876)
      • cmd.exe (PID: 4640)

  • INFO

    • Checks supported languages

      • Chat_GPT.exe (PID: 5624)
      • identity_helper.exe (PID: 8680)
      • Chat_GPT.tmp (PID: 7612)
      • App.exe (PID: 7652)
      • Chat_GPT.exe (PID: 4832)
      • Chat_GPT.tmp (PID: 8424)
      • chcp.com (PID: 8232)
      • App.exe (PID: 8452)
      • App.exe (PID: 7208)
      • Chat_GPT.exe (PID: 3076)
      • Chat_GPT.tmp (PID: 3168)
      • Chat_GPT.exe (PID: 7684)
      • Chat_GPT.tmp (PID: 1604)
      • App.exe (PID: 2336)
      • chcp.com (PID: 8440)
      • App.exe (PID: 8832)
      • App.exe (PID: 3568)

    • Reads the computer name

      • identity_helper.exe (PID: 8680)
      • Chat_GPT.tmp (PID: 7612)
      • Chat_GPT.tmp (PID: 8424)
      • App.exe (PID: 7652)
      • App.exe (PID: 8452)
      • App.exe (PID: 7208)
      • Chat_GPT.tmp (PID: 3168)
      • Chat_GPT.tmp (PID: 1604)
      • App.exe (PID: 2336)
      • App.exe (PID: 3568)
      • App.exe (PID: 8832)

    • Reads Environment values

      • identity_helper.exe (PID: 8680)
      • App.exe (PID: 7652)
      • App.exe (PID: 2336)

    • Application launched itself

      • msedge.exe (PID: 4680)

    • Create files in a temporary directory

      • Chat_GPT.tmp (PID: 8424)
      • Chat_GPT.exe (PID: 5624)
      • Chat_GPT.tmp (PID: 7612)
      • Chat_GPT.exe (PID: 4832)
      • Chat_GPT.exe (PID: 3076)
      • Chat_GPT.tmp (PID: 3168)
      • Chat_GPT.exe (PID: 7684)
      • Chat_GPT.tmp (PID: 1604)

    • Reads security settings of Internet Explorer

      • Chat_GPT.tmp (PID: 7612)
      • Chat_GPT.tmp (PID: 3168)

    • Reads the machine GUID from the registry

      • Chat_GPT.tmp (PID: 7612)
      • Chat_GPT.tmp (PID: 3168)

    • Process checks computer location settings

      • Chat_GPT.tmp (PID: 7612)
      • App.exe (PID: 7652)
      • Chat_GPT.tmp (PID: 3168)
      • App.exe (PID: 2336)

    • The sample compiled with english language support

      • Chat_GPT.tmp (PID: 8424)
      • Chat_GPT.tmp (PID: 1604)

    • Changes the display of characters in the console

      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 2876)

    • Reads product name

      • App.exe (PID: 7652)
      • App.exe (PID: 2336)

    • Node.js compiler has been detected

      • App.exe (PID: 7652)

    • Manual execution by a user

      • Chat_GPT.exe (PID: 3076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
322
Monitored processes
162
Malicious processes
2
Suspicious processes
5

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chat_gpt.exe chat_gpt.tmp chat_gpt.exe chat_gpt.tmp app.exe cmd.exe no specs conhost.exe no specs chcp.com no specs powershell.exe no specs conhost.exe no specs app.exe no specs app.exe no specs comppkgsrv.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs findstr.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs msedge.exe no specs powershell.exe no specs conhost.exe no specs chat_gpt.exe chat_gpt.tmp chat_gpt.exe chat_gpt.tmp app.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs powershell.exe no specs conhost.exe no specs app.exe no specs app.exe no specs comppkgsrv.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs findstr.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs conhost.exe no specs msedge.exe no specs powershell.exe no specs conhost.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
352"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8148,i,12840950346981137201,514617039153067426,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7704 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
508"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5868,i,12840950346981137201,514617039153067426,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
868C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeApp.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
920"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2584,i,12840950346981137201,514617039153067426,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2580 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1132\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1160C:\Windows\System32\CompPkgSrv.exe -EmbeddingC:\Windows\System32\CompPkgSrv.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Component Package Support Server
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\comppkgsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
1284C:\WINDOWS\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"C:\Windows\System32\cmd.exeApp.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
1312"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8068,i,12840950346981137201,514617039153067426,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7992 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1400C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeApp.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\atl.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
1552\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
221 655
Read events
221 655
Write events
0
Delete events
0

Modification events

No data
Executable files
46
Suspicious files
314
Text files
302
Unknown types
0

Dropped files

PID
Process
Filename
Type
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF15964e.TMP
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF15965e.TMP
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF15965e.TMP
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF15968c.TMP
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF15969c.TMP
MD5:
SHA256:
4680msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
156
TCP/UDP connections
103
DNS requests
114
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
8924
msedge.exe
GET
200
144.172.104.205:443
https://openew.app/assets/Mobile.jpg
US
image
311 Kb
unknown
8924
msedge.exe
GET
200
144.172.104.205:443
https://openew.app/assets/iOS.png
US
image
21.3 Kb
unknown
8924
msedge.exe
GET
200
144.172.104.205:443
https://openew.app/app.js
US
text
14.8 Kb
unknown
5276
MoUsoCoreWorker.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
8532
svchost.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
8924
msedge.exe
GET
502
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:4xTPYGnpoGMDTtA5rwc5RsmUQxI3dEjCu6GqLYP9Zs4&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
whitelisted
8924
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
132 b
whitelisted
8532
svchost.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
8924
msedge.exe
GET
200
52.123.243.74:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=71&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766137499&lafgdate=0
US
text
8.00 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
48.209.133.15:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
2.16.110.169:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
23.53.40.178:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
8532
svchost.exe
23.53.40.178:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
23.52.181.212:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
8532
svchost.exe
23.52.181.212:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
8788
slui.exe
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 48.209.133.15
  • 48.209.6.48
whitelisted
www.bing.com
  • 2.16.110.169
  • 2.16.110.170
  • 2.16.110.187
  • 2.16.110.176
  • 2.16.110.193
  • 2.16.110.186
  • 2.16.110.179
  • 2.16.110.192
  • 2.16.110.184
  • 2.19.96.99
  • 2.19.96.89
  • 2.19.96.107
  • 2.19.96.88
  • 2.19.96.91
  • 2.19.96.98
  • 2.19.96.97
  • 2.19.96.96
  • 2.19.96.90
  • 2.16.241.208
  • 2.16.241.222
  • 2.16.241.206
  • 2.16.241.219
  • 2.16.241.218
  • 2.16.241.220
  • 2.16.241.207
  • 2.16.241.210
  • 2.16.241.221
  • 184.86.251.30
  • 184.86.251.4
  • 184.86.251.5
  • 184.86.251.28
  • 184.86.251.26
  • 184.86.251.27
  • 184.86.251.6
  • 184.86.251.7
  • 184.86.251.31
  • 92.123.104.32
  • 92.123.104.21
  • 92.123.104.18
  • 92.123.104.31
  • 92.123.104.17
  • 92.123.104.19
  • 92.123.104.26
  • 92.123.104.24
  • 92.123.104.30
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
google.com
  • 142.251.110.138
  • 142.251.110.102
  • 142.251.110.101
  • 142.251.110.139
  • 142.251.110.100
  • 142.251.110.113
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.41.90
whitelisted
www.microsoft.com
  • 23.52.181.212
  • 72.246.29.11
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 52.123.243.74
  • 52.123.224.72
  • 52.123.243.80
  • 52.123.243.198
whitelisted
openew.app
  • 144.172.104.205
unknown
api.edgeoffer.microsoft.com
  • 150.171.109.193
whitelisted

Threats

PID
Process
Class
Message
8924
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] hCaptcha Enterprise Challenge
8924
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] hCaptcha Enterprise Challenge
8532
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
8924
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
8924
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
8924
msedge.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
8924
msedge.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://openew.app