URL:

https://github.com/3raab-cx/AntiRat

Full analysis: https://app.any.run/tasks/e83e082e-a2ad-4bc3-ac3e-1d8d9174cc5e
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: March 24, 2025, 10:10:11
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
github
autorun-download
python
trox
stealer
ims-api
generic
Indicators:
MD5:

B085652C640D32184280B833267563EB

SHA1:

65957A80240A87FBF204282292FD8B308E827754

SHA256:

0241532B3E668D855AE5F3C0B918666C07D4FE4F0D5B5D76F9C3763925EC5D67

SSDEEP:

3:N8tEdBmdKCqon:2unmIQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • TROX has been detected

      • AntiRat.2.0.exe (PID: 6744)
      • CrypterRat.exe (PID: 2432)

    • Steals credentials from Web Browsers

      • CrypterRat.exe (PID: 236)

    • Actions looks like stealing of personal data

      • CrypterRat.exe (PID: 236)

  • SUSPICIOUS

    • Process drops python dynamic module

      • AntiRat.2.0.exe (PID: 6744)
      • CrypterRat.exe (PID: 2432)

    • Executable content was dropped or overwritten

      • AntiRat.2.0.exe (PID: 6744)
      • CrypterRat.exe (PID: 2432)

    • Process drops legitimate windows executable

      • AntiRat.2.0.exe (PID: 6744)
      • CrypterRat.exe (PID: 2432)

    • The process drops C-runtime libraries

      • AntiRat.2.0.exe (PID: 6744)
      • CrypterRat.exe (PID: 2432)

    • Loads Python modules

      • AntiRat.exe (PID: 1388)
      • CrypterRat.exe (PID: 236)

    • Possible usage of Discord/Telegram API has been detected (YARA)

      • CrypterRat.exe (PID: 236)
      • AntiRat.exe (PID: 1388)

    • Reads security settings of Internet Explorer

      • CrypterRat.exe (PID: 236)

    • Starts CMD.EXE for commands execution

      • AntiRat.exe (PID: 1388)

    • Creates file in the systems drive root

      • CrypterRat.exe (PID: 236)

  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 680)

    • Reads the computer name

      • identity_helper.exe (PID: 680)
      • AntiRat.exe (PID: 1388)

    • Checks supported languages

      • identity_helper.exe (PID: 680)
      • AntiRat.2.0.exe (PID: 6744)
      • AntiRat.exe (PID: 1388)
      • CrypterRat.exe (PID: 236)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5596)
      • msedge.exe (PID: 7388)
      • msedge.exe (PID: 4452)
      • WinRAR.exe (PID: 5404)

    • Autorun file from Downloads

      • msedge.exe (PID: 8116)
      • msedge.exe (PID: 5596)
      • msedge.exe (PID: 8076)

    • The sample compiled with english language support

      • AntiRat.2.0.exe (PID: 6744)
      • CrypterRat.exe (PID: 2432)
      • msedge.exe (PID: 4452)

    • Create files in a temporary directory

      • AntiRat.2.0.exe (PID: 6744)
      • CrypterRat.exe (PID: 2432)

    • Reads the software policy settings

      • slui.exe (PID: 7856)

    • Application launched itself

      • msedge.exe (PID: 5596)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

ims-api

(PID) Process(1388) AntiRat.exe
Discord-Webhook-Tokens (1)1322477887432953956/Nn-VtAu80aj3axLgLd7vXije4RXJNxty733TXUfAsGKdxF7PhGQG70rSoT85GbMvfVOa
Discord-Info-Links
1322477887432953956/Nn-VtAu80aj3axLgLd7vXije4RXJNxty733TXUfAsGKdxF7PhGQG70rSoT85GbMvfVOa
Get Webhook Infohttps://discord.com/api/webhooks/1322477887432953956/Nn-VtAu80aj3axLgLd7vXije4RXJNxty733TXUfAsGKdxF7PhGQG70rSoT85GbMvfVOa
(PID) Process(236) CrypterRat.exe
Discord-Webhook-Tokens (1)1331062504951906464/q5NdQJ20V552-Hjiw7_zb3V_rwMtwkwdtWIpJaP3sNoiKh_aWNppqRINE4FkOFgAIF3p
Discord-Info-Links
1331062504951906464/q5NdQJ20V552-Hjiw7_zb3V_rwMtwkwdtWIpJaP3sNoiKh_aWNppqRINE4FkOFgAIF3p
Get Webhook Infohttps://discord.com/api/webhooks/1331062504951906464/q5NdQJ20V552-Hjiw7_zb3V_rwMtwkwdtWIpJaP3sNoiKh_aWNppqRINE4FkOFgAIF3p
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
211
Monitored processes
74
Malicious processes
8
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs #TROX antirat.2.0.exe conhost.exe no specs antirat.exe no specs cmd.exe no specs cmd.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs #TROX crypterrat.exe crypterrat.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
236"C:\Users\admin\AppData\Local\Temp\Rar$EXb5404.44718\CrypterRat 3.0\CrypterRat.exe"C:\Users\admin\AppData\Local\Temp\onefile_2432_133872847696117998\CrypterRat.exe
CrypterRat.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\appdata\local\temp\onefile_2432_133872847696117998\crypterrat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\onefile_2432_133872847696117998\python311.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcrypt.dll
ims-api
(PID) Process(236) CrypterRat.exe
Discord-Webhook-Tokens (1)1331062504951906464/q5NdQJ20V552-Hjiw7_zb3V_rwMtwkwdtWIpJaP3sNoiKh_aWNppqRINE4FkOFgAIF3p
Discord-Info-Links
1331062504951906464/q5NdQJ20V552-Hjiw7_zb3V_rwMtwkwdtWIpJaP3sNoiKh_aWNppqRINE4FkOFgAIF3p
Get Webhook Infohttps://discord.com/api/webhooks/1331062504951906464/q5NdQJ20V552-Hjiw7_zb3V_rwMtwkwdtWIpJaP3sNoiKh_aWNppqRINE4FkOFgAIF3p
680"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6024 --field-trial-handle=2312,i,3632424031735651718,3776239922061798827,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
812"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5640 --field-trial-handle=2312,i,3632424031735651718,3776239922061798827,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1012C:\WINDOWS\system32\cmd.exe /c title AntiRat Maker - 3raab_C:\Windows\System32\cmd.exeAntiRat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
1012"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3276 --field-trial-handle=2312,i,3632424031735651718,3776239922061798827,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1188"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5020 --field-trial-handle=2312,i,3632424031735651718,3776239922061798827,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1388C:\Users\admin\Downloads\AntiRat.2.0.exeC:\Users\admin\AppData\Local\Temp\onefile_6744_133872846342578635\AntiRat.exe
AntiRat.2.0.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\appdata\local\temp\onefile_6744_133872846342578635\antirat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
ims-api
(PID) Process(1388) AntiRat.exe
Discord-Webhook-Tokens (1)1322477887432953956/Nn-VtAu80aj3axLgLd7vXije4RXJNxty733TXUfAsGKdxF7PhGQG70rSoT85GbMvfVOa
Discord-Info-Links
1322477887432953956/Nn-VtAu80aj3axLgLd7vXije4RXJNxty733TXUfAsGKdxF7PhGQG70rSoT85GbMvfVOa
Get Webhook Infohttps://discord.com/api/webhooks/1322477887432953956/Nn-VtAu80aj3axLgLd7vXije4RXJNxty733TXUfAsGKdxF7PhGQG70rSoT85GbMvfVOa
1616"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5140 --field-trial-handle=2312,i,3632424031735651718,3776239922061798827,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1672C:\WINDOWS\system32\cmd.exe /c clsC:\Windows\System32\cmd.exeAntiRat.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
2108"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5604 --field-trial-handle=2312,i,3632424031735651718,3776239922061798827,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
31 969
Read events
30 696
Write events
1 208
Delete events
65

Modification events

(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(5596) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
978F0F18AA8F2F00
(PID) Process:(5596) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
DEF41618AA8F2F00
(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328526
Operation:writeName:WindowTabManagerFileMappingId
Value:
{8A3925DD-252B-4069-915D-0E471E83E1E6}
(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328526
Operation:writeName:WindowTabManagerFileMappingId
Value:
{6A3CCB10-0FBE-4FC6-B31C-A70C17E2A08C}
(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328526
Operation:writeName:WindowTabManagerFileMappingId
Value:
{0BD3569C-8530-48AF-87DD-9515DC79D318}
(PID) Process:(5596) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328526
Operation:writeName:WindowTabManagerFileMappingId
Value:
{712275F9-7908-476F-A29C-7C30A25BBC78}
Executable files
118
Suspicious files
389
Text files
59
Unknown types
2

Dropped files

PID
Process
Filename
Type
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b671.TMP
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b671.TMP
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b671.TMP
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b680.TMP
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b6a0.TMP
MD5:
SHA256:
5596msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
44
TCP/UDP connections
95
DNS requests
114
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
23.53.41.90:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
8164
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
8164
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1812
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
8172
svchost.exe
HEAD
200
217.20.57.19:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e97d85e8-2e6f-4c6c-8a9a-1d07973733be?P1=1743385292&P2=404&P3=2&P4=RWaL8OsbXes7BvCgEifFc0GPL%2bpXsDaeJTqOde60ZDC95MedhEapRfD8yLqK%2fHpBrORW1BFDTYEiPnEbDiI4Ow%3d%3d
unknown
whitelisted
8172
svchost.exe
GET
206
217.20.57.19:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e97d85e8-2e6f-4c6c-8a9a-1d07973733be?P1=1743385292&P2=404&P3=2&P4=RWaL8OsbXes7BvCgEifFc0GPL%2bpXsDaeJTqOde60ZDC95MedhEapRfD8yLqK%2fHpBrORW1BFDTYEiPnEbDiI4Ow%3d%3d
unknown
whitelisted
8172
svchost.exe
GET
206
217.20.57.19:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e97d85e8-2e6f-4c6c-8a9a-1d07973733be?P1=1743385292&P2=404&P3=2&P4=RWaL8OsbXes7BvCgEifFc0GPL%2bpXsDaeJTqOde60ZDC95MedhEapRfD8yLqK%2fHpBrORW1BFDTYEiPnEbDiI4Ow%3d%3d
unknown
whitelisted
8172
svchost.exe
GET
206
217.20.57.19:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e97d85e8-2e6f-4c6c-8a9a-1d07973733be?P1=1743385292&P2=404&P3=2&P4=RWaL8OsbXes7BvCgEifFc0GPL%2bpXsDaeJTqOde60ZDC95MedhEapRfD8yLqK%2fHpBrORW1BFDTYEiPnEbDiI4Ow%3d%3d
unknown
whitelisted
8172
svchost.exe
GET
206
217.20.57.19:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e97d85e8-2e6f-4c6c-8a9a-1d07973733be?P1=1743385292&P2=404&P3=2&P4=RWaL8OsbXes7BvCgEifFc0GPL%2bpXsDaeJTqOde60ZDC95MedhEapRfD8yLqK%2fHpBrORW1BFDTYEiPnEbDiI4Ow%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
23.53.41.90:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
7388
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5596
msedge.exe
239.255.255.250:1900
whitelisted
7388
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7388
msedge.exe
13.107.253.44:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7388
msedge.exe
140.82.121.3:443
github.com
GITHUB
US
whitelisted
7388
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.53.41.90
  • 23.53.40.176
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.44
whitelisted
github.com
  • 140.82.121.3
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 2.16.168.107
  • 2.16.168.113
whitelisted
www.bing.com
  • 104.126.37.186
  • 104.126.37.177
  • 104.126.37.123
  • 104.126.37.128
  • 104.126.37.131
  • 104.126.37.178
  • 104.126.37.130
  • 104.126.37.139
  • 104.126.37.144
  • 104.126.37.153
  • 104.126.37.162
  • 104.126.37.155
  • 104.126.37.161
  • 104.126.37.163
  • 104.126.37.160
  • 104.126.37.146
  • 2.19.96.90
  • 2.19.96.50
  • 2.19.96.91
  • 2.19.96.74
  • 2.19.96.35
  • 2.19.96.27
  • 2.19.96.104
  • 2.19.96.82
  • 2.19.96.40
  • 2.19.96.8
  • 2.19.96.26
  • 2.19.96.58
  • 2.19.96.130
  • 2.19.96.11
whitelisted

Threats

PID
Process
Class
Message
7388
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7388
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7388
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7388
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7388
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7388
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/3raab-cx/AntiRat