URL:

https://waveexecutor.io/download/

Full analysis: https://app.any.run/tasks/2e91f480-0644-4566-b5e6-17bd89aa23cf
Verdict: Malicious activity
Analysis date: December 13, 2024, 21:26:32
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
obfuscated-js
Indicators:
MD5:

C8EFB088C614EBBAA582041FAD13D40B

SHA1:

2820691F3614EC828CC464A92D78153C7763FBC4

SHA256:

005376ACC740D0B3A21E8A679622EB1112B3842A0816C66FCD160A1310A66219

SSDEEP:

3:N8V44pn:2SW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 7412)
      • powershell.exe (PID: 6644)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)

    • Drops 7-zip archiver for unpacking

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)

    • Starts CMD.EXE for commands execution

      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 2220)
      • powershell.exe (PID: 7412)
      • Wave.exe (PID: 1920)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • Wave.exe (PID: 7800)
      • powershell.exe (PID: 6644)
      • Wave.exe (PID: 6616)

    • Get information on the list of running processes

      • Wave-Setup.exe (PID: 3416)
      • cmd.exe (PID: 5340)
      • cmd.exe (PID: 4668)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • cmd.exe (PID: 8172)

    • Reads security settings of Internet Explorer

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)

    • Creates a software uninstall entry

      • Wave-Setup.exe (PID: 3416)

    • Process drops legitimate windows executable

      • Wave-Setup.exe (PID: 3416)
      • old-uninstaller.exe (PID: 4624)
      • Wave-Setup.exe (PID: 8180)

    • The process creates files with name similar to system file names

      • Wave-Setup.exe (PID: 3416)
      • old-uninstaller.exe (PID: 4624)

    • Application launched itself

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 7920)
      • cmd.exe (PID: 5244)

    • Executing commands from a ".bat" file

      • Wave.exe (PID: 2220)
      • powershell.exe (PID: 7412)
      • Wave.exe (PID: 7800)
      • powershell.exe (PID: 6644)

    • Starts process via Powershell

      • powershell.exe (PID: 7412)
      • powershell.exe (PID: 6644)

    • Starts application with an unusual extension

      • cmd.exe (PID: 5004)
      • cmd.exe (PID: 6544)

    • The executable file from the user directory is run by the CMD process

      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 6616)

    • The process deletes folder without confirmation

      • Wave.exe (PID: 2220)

    • Executable content was dropped or overwritten

      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 6616)

    • Searches for installed software

      • Wave-Setup.exe (PID: 8180)

  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 8184)
      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 7796)
      • Wave.exe (PID: 2448)
      • Wave.exe (PID: 6780)
      • Wave.exe (PID: 7524)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 5872)
      • identity_helper.exe (PID: 5556)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • Wave.exe (PID: 7800)
      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 7848)
      • chcp.com (PID: 6664)
      • Wave.exe (PID: 7760)
      • Wave.exe (PID: 6616)
      • Wave.exe (PID: 6188)
      • wave-luau.exe (PID: 6916)
      • Bloxstrap.exe (PID: 6420)

    • Reads Environment values

      • identity_helper.exe (PID: 8184)
      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • identity_helper.exe (PID: 5556)
      • Wave.exe (PID: 7800)

    • Application launched itself

      • msedge.exe (PID: 4996)
      • msedge.exe (PID: 6480)

    • Create files in a temporary directory

      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 1920)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • Wave.exe (PID: 7800)

    • The process uses the downloaded file

      • msedge.exe (PID: 2940)
      • powershell.exe (PID: 6644)

    • The sample compiled with english language support

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • msedge.exe (PID: 6416)

    • Manual execution by a user

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 7800)

    • Creates files or folders in the user directory

      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 7524)
      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave-Setup.exe (PID: 8180)
      • Wave.exe (PID: 6616)

    • Reads the computer name

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 7796)
      • Wave.exe (PID: 2448)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 6780)
      • Wave.exe (PID: 7524)
      • identity_helper.exe (PID: 5556)
      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
      • Wave.exe (PID: 7800)
      • identity_helper.exe (PID: 8184)
      • Wave.exe (PID: 6616)
      • Wave.exe (PID: 7760)
      • Bloxstrap.exe (PID: 6420)
      • Wave.exe (PID: 8184)

    • Reads product name

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)

    • Reads the machine GUID from the registry

      • Wave.exe (PID: 2220)

    • Drops encrypted JS script (Microsoft Script Encoder)

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)

    • Checks proxy server information

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)

    • Drops encrypted VBS script (Microsoft Script Encoder)

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)

    • Changes the display of characters in the console

      • cmd.exe (PID: 5004)
      • cmd.exe (PID: 6544)

    • Process checks computer location settings

      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 5872)
      • Wave.exe (PID: 6616)

    • Sends debugging messages

      • Bloxstrap.exe (PID: 6420)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6416)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
284
Monitored processes
144
Malicious processes
9
Suspicious processes
5

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wave-setup.exe cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs msedge.exe no specs msedge.exe no specs wave.exe no specs wave.exe no specs wave.exe no specs fsutil.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs cmd.exe conhost.exe no specs chcp.com no specs wave.exe wave.exe no specs wave.exe fsutil.exe no specs conhost.exe no specs wave.exe no specs wave-luau.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs reg.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wave-setup.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs old-uninstaller.exe cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs wave.exe no specs wave.exe no specs wave.exe no specs fsutil.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs cmd.exe conhost.exe no specs chcp.com no specs wave.exe wave.exe no specs wave.exe fsutil.exe no specs conhost.exe no specs wave.exe no specs cmd.exe no specs conhost.exe no specs wave-luau.exe no specs conhost.exe no specs reg.exe no specs msedge.exe no specs bloxstrap.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
716"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4944 --field-trial-handle=2348,i,16276996836981509495,5283619116649254208,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
900"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5516 --field-trial-handle=2348,i,16276996836981509495,5283619116649254208,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1044\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exewave-luau.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1080\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exewave-luau.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1216fsutil dirty query C:C:\Windows\System32\fsutil.exeWave.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
fsutil.exe
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\fsutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\combase.dll
1224"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7812 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1804"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5096 --field-trial-handle=2348,i,16276996836981509495,5283619116649254208,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
1920C:\Users\admin\AppData\Local\Programs\Wave\Wave.exeC:\Users\admin\AppData\Local\Programs\Wave\Wave.exe
cmd.exe
User:
admin
Company:
GitHub, Inc.
Integrity Level:
HIGH
Description:
Wave
Exit code:
0
Version:
0.3.1
Modules
Images
c:\users\admin\appdata\local\programs\wave\wave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\users\admin\appdata\local\programs\wave\ffmpeg.dll
c:\windows\system32\rpcrt4.dll
1988"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3988 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2220"C:\Users\admin\AppData\Local\Programs\Wave\Wave.exe" C:\Users\admin\AppData\Local\Programs\Wave\Wave.exeexplorer.exe
User:
admin
Company:
GitHub, Inc.
Integrity Level:
MEDIUM
Description:
Wave
Exit code:
0
Version:
0.3.1
Modules
Images
c:\users\admin\appdata\local\programs\wave\wave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
26 014
Read events
25 899
Write events
77
Delete events
38

Modification events

(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(4996) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
C38DDBC4C3872F00
(PID) Process:(4996) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
AC54E6C4C3872F00
(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:writeName:WindowTabManagerFileMappingId
Value:
{FDE8F93A-FA31-430C-B1E9-1E34E373E39F}
(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:writeName:WindowTabManagerFileMappingId
Value:
{EDF109A6-BA73-4DBC-A882-EAD6BE39B132}
(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:writeName:WindowTabManagerFileMappingId
Value:
{7AE08423-C2C8-4532-BC92-30AD62C14E63}
(PID) Process:(4996) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:writeName:WindowTabManagerFileMappingId
Value:
{7C6F4D29-FDAC-4AE1-A5CF-96E214BDDACF}
Executable files
89
Suspicious files
1 023
Text files
243
Unknown types
15

Dropped files

PID
Process
Filename
Type
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF135382.TMP
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF135392.TMP
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF135392.TMP
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF135392.TMP
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1353d0.TMP
MD5:
SHA256:
4996msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
46
TCP/UDP connections
322
DNS requests
352
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4536
svchost.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4536
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6900
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7156
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
7908
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7908
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4536
svchost.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4536
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.209.149:443
www.bing.com
Akamai International B.V.
GB
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4712
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4996
msedge.exe
239.255.255.250:1900
whitelisted
6440
msedge.exe
104.21.73.227:443
waveexecutor.io
unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.142
whitelisted
www.bing.com
  • 2.23.209.149
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.182
  • 2.23.209.130
  • 92.123.104.33
  • 92.123.104.28
  • 92.123.104.29
  • 92.123.104.31
  • 92.123.104.21
  • 92.123.104.30
  • 92.123.104.22
  • 92.123.104.23
  • 92.123.104.32
  • 2.23.209.179
  • 2.23.209.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
waveexecutor.io
  • 104.21.73.227
  • 172.67.167.94
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

PID
Process
Class
Message
6440
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
6440
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6440
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6440
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6440
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
Process
Message
Bloxstrap.exe
You must install .NET to run this application. App: C:\Users\admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe Architecture: x64 App host version: 6.0.35 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.35
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://waveexecutor.io/download/