URL:

https://www.advanceduninstaller.com/soft/uninstaller/Advanced_Uninstaller13.exe

Full analysis: https://app.any.run/tasks/427d9ed2-b041-4425-ba0d-b237da306faa
Verdict: Malicious activity
Threats:

Stealers are a category of malware built to gain unauthorized access to a user's information and send it to the attacker. The category covers programs that each target a particular kind of data, such as files, passwords, or cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns. In this run the stealer classification rests on the "Actions looks like stealing of personal data" and "TEAMVIEWER has been detected" signatures, both raised on healthcheck.exe (PID 8132) in the signature list below; no malware configuration was extracted from the sample.

Analysis date: April 29, 2025, 18:52:19
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
generic
evasion
teamviewer
rmm-tool
stealer
inno
installer
delphi
Indicators:
MD5:

BE14548751C0F5DFC4543473420C2A7C

SHA1:

1A451DCB3396FC08B44BF25D100AB44FEED228BA

SHA256:

15FA1DAFF14150918650127C0CB7BF1799FEA38C1B012797F9C2FBDAAC6D3175

SSDEEP:

3:N8DSLOiGAYTXLdIYoWTXKIIMLDgXUBC:2OLOiXYTXLKGXJxXgXsC
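A practitioner who has a local copy of the installer will want to confirm it is the same object this report describes before applying the verdict to it. The following is an added example, not part of the ANY.RUN report: the MD5/SHA1/SHA256 values are copied from the indicator list above, the file path is an assumption, and the streaming hasher is a general helper that is not specific to this sample.

```python
"""
Compare a local file with the hash indicators listed in this report.
Added example; REPORT_INDICATORS is copied from the report, the path
passed to digest_file() is the reader's own assumption.
"""
import hashlib

# Indicator values copied from the report (hex; compared case-insensitively).
REPORT_INDICATORS = {
    "md5": "BE14548751C0F5DFC4543473420C2A7C",
    "sha1": "1A451DCB3396FC08B44BF25D100AB44FEED228BA",
    "sha256": "15FA1DAFF14150918650127C0CB7BF1799FEA38C1B012797F9C2FBDAAC6D3175",
}
ALGORITHMS = ("md5", "sha1", "sha256")


def digest_bytes(data, algorithms=ALGORITHMS):
    """Return {algorithm: lowercase hex digest} for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Stream a file through all hash objects in one pass (installers can be large)."""
    hashes = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def match_indicators(digests, indicators=REPORT_INDICATORS):
    """Compare computed digests with the published values.

    Returns (verdict, {algorithm: matched}). Only algorithms present in
    `indicators` are compared. A "partial" verdict means some algorithms
    agree and others do not, which cannot happen for a genuine copy of the
    same bytes: either the indicator list is wrong or the file was altered
    with a hash-collision in mind, so treat it as a reason to investigate.
    """
    results = {name: digests.get(name, "").lower() == value.lower()
               for name, value in indicators.items()}
    if results and all(results.values()):
        verdict = "match"
    elif any(results.values()):
        verdict = "partial"
    else:
        verdict = "no-match"
    return verdict, results


if __name__ == "__main__":
    import sys
    # Usage: python check_hashes.py <path-to-downloaded-installer>   (path is an assumption)
    verdict, detail = match_indicators(digest_file(sys.argv[1]))
    print(verdict, detail)
```

A "no-match" result does not mean the local file is clean; it only means this report is about a different object and its verdict does not transfer.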

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • msedge.exe (PID: 6264)
      • msedge.exe (PID: 4268)
    • Actions looks like stealing of personal data

      • healthcheck.exe (PID: 8132)
    • Connects to the CnC server

      • Advanced_Uninstaller13.tmp (PID: 6136)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Advanced_Uninstaller13.exe (PID: 3140)
      • Advanced_Uninstaller13.exe (PID: 6660)
      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Reads security settings of Internet Explorer

      • Advanced_Uninstaller13.tmp (PID: 2980)
      • uninstaller.exe (PID: 3396)
      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Reads the Windows owner or organization settings

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Checks for external IP

      • svchost.exe (PID: 2196)
      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Process drops legitimate windows executable

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Adds/modifies Windows certificates

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Uses TASKKILL.EXE to kill process

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Searches for installed software

      • regedit.exe (PID: 1116)
      • regedit.exe (PID: 1132)
      • uninstaller.exe (PID: 2316)
    • The process verifies whether the antivirus software is installed

      • healthcheck.exe (PID: 8132)
    • The process executes via Task Scheduler

      • uninstaller.exe (PID: 2316)
    • Creates/Modifies COM task schedule object

      • uninstaller.exe (PID: 2316)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7868)
    • Executes application which crashes

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Uses TASKKILL.EXE to kill Browsers

      • uninstaller.exe (PID: 5508)
  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 8124)
    • Application launched itself

      • msedge.exe (PID: 4268)
      • chrome.exe (PID: 1168)
    • Checks supported languages

      • identity_helper.exe (PID: 8124)
      • Advanced_Uninstaller13.exe (PID: 3140)
      • Advanced_Uninstaller13.tmp (PID: 2980)
      • Advanced_Uninstaller13.exe (PID: 6660)
      • Advanced_Uninstaller13.tmp (PID: 6136)
      • stop_aup.exe (PID: 7572)
      • healthcheck.exe (PID: 8132)
      • uninstaller.exe (PID: 3396)
      • uninstaller.exe (PID: 2316)
      • uninstaller.exe (PID: 4336)
      • uninstaller.exe (PID: 684)
      • uninstaller.exe (PID: 5508)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6264)
      • msedge.exe (PID: 4268)
    • Reads the computer name

      • identity_helper.exe (PID: 8124)
      • Advanced_Uninstaller13.tmp (PID: 2980)
      • Advanced_Uninstaller13.tmp (PID: 6136)
      • stop_aup.exe (PID: 7572)
      • healthcheck.exe (PID: 8132)
      • uninstaller.exe (PID: 3396)
      • uninstaller.exe (PID: 4336)
      • uninstaller.exe (PID: 2316)
      • uninstaller.exe (PID: 684)
      • uninstaller.exe (PID: 5508)
    • Create files in a temporary directory

      • Advanced_Uninstaller13.exe (PID: 3140)
      • Advanced_Uninstaller13.exe (PID: 6660)
      • Advanced_Uninstaller13.tmp (PID: 6136)
    • The sample compiled with english language support

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Reads the machine GUID from the registry

      • Advanced_Uninstaller13.tmp (PID: 6136)
      • uninstaller.exe (PID: 2316)
    • Reads the software policy settings

      • Advanced_Uninstaller13.tmp (PID: 6136)
      • slui.exe (PID: 7860)
    • Process checks computer location settings

      • Advanced_Uninstaller13.tmp (PID: 2980)
    • Creates files or folders in the user directory

      • Advanced_Uninstaller13.tmp (PID: 6136)
      • uninstaller.exe (PID: 2316)
      • uninstaller.exe (PID: 5508)
    • Detects InnoSetup installer (YARA)

      • Advanced_Uninstaller13.tmp (PID: 2980)
      • Advanced_Uninstaller13.exe (PID: 3140)
      • Advanced_Uninstaller13.exe (PID: 6660)
      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Creates files in the program directory

      • regedit.exe (PID: 1116)
      • regedit.exe (PID: 1132)
      • Advanced_Uninstaller13.tmp (PID: 6136)
      • healthcheck.exe (PID: 8132)
      • uninstaller.exe (PID: 2316)
    • Creates a software uninstall entry

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • TEAMVIEWER has been detected

      • healthcheck.exe (PID: 8132)
    • Checks proxy server information

      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Compiled with Borland Delphi (YARA)

      • Advanced_Uninstaller13.tmp (PID: 2980)
      • Advanced_Uninstaller13.tmp (PID: 6136)
    • Manages system restore points

      • SrTasks.exe (PID: 9132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
253
Monitored processes
110
Malicious processes
7
Suspicious processes
3

Behavior graph

Graph nodes in extraction order (the interactive process tree rendered as text; "#GENERIC" marks the nodes on which the GENERIC signature fired):

start
#GENERIC msedge.exe msedge.exe no specs msedge.exe no specs
#GENERIC msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs
sppextcomobj.exe no specs slui.exe identity_helper.exe no specs identity_helper.exe no specs
msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs
advanced_uninstaller13.exe advanced_uninstaller13.tmp no specs advanced_uninstaller13.exe advanced_uninstaller13.tmp svchost.exe msedge.exe no specs msedge.exe no specs slui.exe
stop_aup.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs regedit.exe no specs regedit.exe no specs healthcheck.exe
uninstaller.exe no specs uninstaller.exe uninstaller.exe no specs uninstaller.exe no specs SPPSurrogate no specs vssvc.exe no specs msedge.exe no specs msedge.exe no specs uninstaller.exe
msedge.exe no specs msedge.exe no specs msedge.exe no specs werfault.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs
checker.exe taskkill.exe no specs conhost.exe no specs
chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6328 --field-trial-handle=2480,i,6444312970252818546,9602090293763054499,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 616
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 684
CMD: "C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe" --RP "After installing Advanced Uninstaller PRO"
Path: C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Parent process: Advanced_Uninstaller13.tmp
User:
admin
Company:
Innovative Solutions GRUP SRL
Integrity Level:
HIGH
Description:
Advanced Uninstaller PRO
Exit code:
0
Version:
13.27.0.69
Modules
Images
c:\program files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 1116
CMD: "C:\WINDOWS\regedit.exe" /e entries2.dat HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
Path: C:\Windows\SysWOW64\regedit.exe
Parent process: Advanced_Uninstaller13.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1132
CMD: "C:\WINDOWS\regedit.exe" /e entries1.dat HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
Path: C:\Windows\SysWOW64\regedit.exe
Parent process: Advanced_Uninstaller13.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2480,i,6444312970252818546,9602090293763054499,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1168
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.advanceduninstaller.com/aup-dhc-extension.html?cmd=test&tick=0011E721-1&stop=NO
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: uninstaller.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1348
CMD: Taskkill.exe /IM chrome.exe
Path: C:\Windows\SysWOW64\taskkill.exe
Parent process: uninstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1672
CMD: "Taskkill.exe" /IM innoupd.exe /F
Path: C:\Windows\SysWOW64\taskkill.exe
Parent process: Advanced_Uninstaller13.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2084
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6208 --field-trial-handle=2480,i,6444312970252818546,9602090293763054499,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
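Several of the signatures above are simple enough to re-create from process and network telemetry, which lets the same checks run against a Sysmon or EDR export instead of only inside the sandbox. The following is an added example and not ANY.RUN's signature engine: the rules are plain re-implementations of what the signature names describe, the ATT&CK technique ids are this example's own mapping (the report's mapping is only in the full report), and the sample events are constructed from the command lines shown in the Process information section. One attribution is assumed: the ipinfo.io lookup flagged by the ET rules is attached here to PID 6136 because the "Checks for external IP" signature fired on that process, but the report itself does not tie that lookup to a specific network event.

```python
"""
Offline triage of process/network telemetry against a few of the behavioural
signatures in this report. Added example; see the lead-in for what is assumed.
"""
import re
import shlex
from dataclasses import dataclass

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "opera.exe", "brave.exe"}
# Services commonly used to learn the egress IP (the report's ET rules cover ipinfo.io).
EXTERNAL_IP_DOMAINS = {"ipinfo.io", "api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com"}
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall$", re.IGNORECASE)


@dataclass
class ProcessEvent:
    pid: int
    image: str      # executable base name
    cmdline: str
    parent: str     # parent's executable base name


@dataclass
class NetworkEvent:
    pid: int
    image: str
    domain: str     # DNS query name or TLS SNI


@dataclass
class Finding:
    pid: int
    image: str
    signature: str  # named after the report's signature where one exists
    technique: str  # ATT&CK id (this example's own mapping) or "" for informational
    evidence: str


def _tokens(cmdline):
    """Split a Windows command line on whitespace while honouring double quotes.
    posix=False keeps backslashes literal; the surrounding quotes are then stripped."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:          # unbalanced quote: fall back to a naive split
        parts = cmdline.split()
    return [p[1:-1] if len(p) >= 2 and p[0] == p[-1] == '"' else p for p in parts]


def rule_regedit_export(ev):
    """regedit.exe /e <file> ...\\CurrentVersion\\Uninstall = installed-software enumeration."""
    if ev.image.lower() != "regedit.exe":
        return None
    args = _tokens(ev.cmdline)
    if any(a.lower() == "/e" for a in args) and any(UNINSTALL_KEY.search(a) for a in args):
        return Finding(ev.pid, ev.image, "Searches for installed software", "T1518", ev.cmdline)
    return None


def rule_taskkill(ev):
    """Every taskkill is noted; terminating a browser gets the more specific signature."""
    if ev.image.lower() != "taskkill.exe":
        return None
    args = [a.lower() for a in _tokens(ev.cmdline)]
    targets = {args[i + 1] for i, a in enumerate(args[:-1]) if a == "/im"}
    if targets & BROWSERS:
        return Finding(ev.pid, ev.image, "Uses TASKKILL.EXE to kill Browsers", "T1489", ev.cmdline)
    return Finding(ev.pid, ev.image, "Uses TASKKILL.EXE to kill process", "T1489", ev.cmdline)


def rule_browser_spawned_with_url(ev):
    """A non-browser parent starting a browser on a URL (here uninstaller.exe -> chrome.exe)."""
    if ev.image.lower() in BROWSERS and ev.parent.lower() not in BROWSERS:
        urls = [a for a in _tokens(ev.cmdline) if a.lower().startswith(("http://", "https://"))]
        if urls:
            return Finding(ev.pid, ev.image, "Browser launched with URL by non-browser parent", "", urls[0])
    return None


def rule_external_ip(ev):
    if ev.domain.lower().rstrip(".") in EXTERNAL_IP_DOMAINS:
        return Finding(ev.pid, ev.image, "Checks for external IP", "T1016.001", ev.domain)
    return None


PROCESS_RULES = (rule_regedit_export, rule_taskkill, rule_browser_spawned_with_url)


def triage(process_events, network_events):
    findings = []
    for ev in process_events:
        for rule in PROCESS_RULES:
            hit = rule(ev)
            if hit:
                findings.append(hit)
    for ev in network_events:
        hit = rule_external_ip(ev)
        if hit:
            findings.append(hit)
    return findings


def summarize(findings):
    """signature -> sorted PIDs, the same shape as the report's signature list."""
    out = {}
    for f in findings:
        out.setdefault(f.signature, set()).add(f.pid)
    return {sig: sorted(pids) for sig, pids in out.items()}


# Constructed from the Process information section of this report.
SAMPLE_PROCESS_EVENTS = [
    ProcessEvent(684, "uninstaller.exe",
                 r'"C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe" '
                 r'--RP "After installing Advanced Uninstaller PRO"', "Advanced_Uninstaller13.tmp"),
    ProcessEvent(1116, "regedit.exe",
                 r'"C:\WINDOWS\regedit.exe" /e entries2.dat HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall',
                 "Advanced_Uninstaller13.tmp"),
    ProcessEvent(1132, "regedit.exe",
                 r'"C:\WINDOWS\regedit.exe" /e entries1.dat HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall',
                 "Advanced_Uninstaller13.tmp"),
    ProcessEvent(1168, "chrome.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                 "https://www.advanceduninstaller.com/aup-dhc-extension.html?cmd=test&tick=0011E721-1&stop=NO",
                 "uninstaller.exe"),
    ProcessEvent(1348, "taskkill.exe", "Taskkill.exe /IM chrome.exe", "uninstaller.exe"),
    ProcessEvent(1672, "taskkill.exe", r'"Taskkill.exe" /IM innoupd.exe /F', "Advanced_Uninstaller13.tmp"),
]
# Assumed attribution of the ipinfo.io lookup seen by the ET rules (see lead-in).
SAMPLE_NETWORK_EVENTS = [NetworkEvent(6136, "Advanced_Uninstaller13.tmp", "ipinfo.io")]

if __name__ == "__main__":
    for sig, pids in summarize(triage(SAMPLE_PROCESS_EVENTS, SAMPLE_NETWORK_EVENTS)).items():
        print(f"{sig}: PIDs {pids}")
```

Run against the constructed events, the rules reproduce four of the report's signature lines (installed-software search on PIDs 1116 and 1132, browser kill on 1348, generic taskkill on 1672, external-IP check on 6136) and add one informational finding for the chrome.exe launch from uninstaller.exe. None of them distinguish a legitimate uninstaller from malware on their own; that is exactly why the report files them under SUSPICIOUS rather than MALICIOUS, and why a triage pipeline should weight them by parent process and signer rather than treat any single hit as a verdict.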
Total events
45 320
Read events
44 937
Write events
349
Delete events
34

Modification events

(PID) Process: (4268) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (4268) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (4268) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (4268) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (4268) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 66ADB59585922F00

(PID) Process: (4268) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 5D05BE9585922F00

(PID) Process: (4268) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197456
Operation: write
Name: WindowTabManagerFileMappingId
Value: {696D0525-74A2-455A-9384-C6BC2AF486FC}

(PID) Process: (4268) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: B038DE9585922F00

(PID) Process: (4268) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

(PID) Process: (4268) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Operation: write
Name: Enabled
Value: 0
Executable files
53
Suspicious files
606
Text files
283
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b807.TMP
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b807.TMP
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b807.TMP
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b817.TMP
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b826.TMP
MD5:
SHA256:

PID: 4268
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
54
TCP/UDP connections
137
DNS requests
149
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.19.11.105:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5508
uninstaller.exe
GET
200
157.90.140.164:80
http://www.advanceduninstaller.com/promo8//Other%20websites/_default/bonus-2/small_buy_n.bmp
unknown
4188
svchost.exe
GET
206
208.89.74.29:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1746451874&P2=404&P3=2&P4=L%2fpPT0Xgmp0jIyucptwMJBS5IxdupzJEtzLhLeDVeBBvI6IBEXqlqhe%2fl7RM6A0extkfcS6kz2JfQimSPWx5mg%3d%3d
unknown
whitelisted
4188
svchost.exe
GET
206
208.89.74.29:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1746451874&P2=404&P3=2&P4=L%2fpPT0Xgmp0jIyucptwMJBS5IxdupzJEtzLhLeDVeBBvI6IBEXqlqhe%2fl7RM6A0extkfcS6kz2JfQimSPWx5mg%3d%3d
unknown
whitelisted
2104
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7084
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7084
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4268
msedge.exe
GET
200
151.101.66.133:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
4268
msedge.exe
GET
200
151.101.66.133:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDA5ml5aITsG9Y8TP4w%3D%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
2.19.11.105:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
2104
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
4
System
192.168.100.255:138
whitelisted
6264
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6264
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6264
msedge.exe
157.90.140.164:443
www.advanceduninstaller.com
Hetzner Online GmbH
DE
unknown
6264
msedge.exe
13.107.246.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6264
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.19.11.105
  • 2.19.11.120
whitelisted
google.com
  • 142.250.186.174
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.35.229.160
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
www.advanceduninstaller.com
  • 157.90.140.164
unknown
business.bing.com
  • 13.107.6.158
whitelisted
edgeservices.bing.com
  • 2.19.96.17
  • 2.19.96.42
  • 2.19.96.83
  • 2.19.96.57
  • 2.19.96.96
  • 2.19.96.67
  • 2.19.96.8
  • 2.19.96.40
  • 2.19.96.59
whitelisted

Threats

PID
Process
Class
Message
Device Retrieving External IP Address Detected
ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
Misc activity
ET ADWARE_PUP Drivermax Utility Checkin Activity
Device Retrieving External IP Address Detected
ET INFO External IP Lookup ipinfo.io
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
No debug info