File name:

1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad

Full analysis: https://app.any.run/tasks/8e117b60-b1c2-4be3-b524-0f04cde95c4a
Verdict: Malicious activity
Threats:

RisePro is an information stealer that targets a wide range of sensitive data, including credit cards, browser passwords and cryptocurrency wallets. Data taken from an infected device can lead to significant financial and personal losses for the victim.

Analysis date: July 29, 2025, 17:00:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
risepro
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

3CF7A3CA0B21A81F5F4CE2C482037A81

SHA1:

AAF8E71F2BE10B09217C71471E2A1E81C3BE535B

SHA256:

1BA8FFAF9D90746DECCC9A9D97FB6FFEEA76FB222CD3E1AFD8704032E1CF0BAD

SSDEEP:

98304:/kSppzqLc+JROJ3hMdxfkPMwKTrGCeHGd9Cw7+BGFs1guIXprI1YHpvJ/YgumcQP:kFwjTS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • RISEPRO has been detected (YARA)

      • 1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe (PID: 6768)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • 1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe (PID: 6768)
    • The sample was compiled with French language support

      • 1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe (PID: 6768)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report

RisePro

Process (PID 6768): 1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe
C2 (1): 193.233.132.67:50500
(The C2 address comes from the configuration extracted from the sample. No connection to it appears in the recorded network activity below, and the sample process produced no dropped files and no write events in this run, so the behaviour observed here is limited to what the extracted strings show.)
Strings (493):
MachineGuid
imloifkgjagghnncjkhggdhalmcnfklk
aholpfdialjgjfhomihkjbmgjidlcdno
\CURRENT
amkmjjmmflddogmhpjloimipbofnfjih
\.lunarclient\settings\games\accounts.txt
DashCore
p.B}T
grab_games
cert9.db
\discorddevelopment
encrypted_key
\app-store.json
Anoncoin
\uCozMedia\Uran\User Data
hmeobnfnfcmdkdcmlblgagmfpfboieaf
Password: %s
mark_domains
HWID: %s
An uncaught exception occurred_ip2:
Storage: %s [%s]
\ElectronCash\wallets
\Mail.Ru\Atom\User Data
Nichrome
Maxthon3
mcohilncbfahbmgdjkbpemcciiolgcge
\Element
ookjlbkiijinhpmnjffcofjonbfbgaoc
\save.dat
LOCALAPPDATA
hnfanknocfeofbddgcijnmhnfnkdnaad
\Sputnik\Sputnik\User Data
bhhhlbepdkbapadjdnnojkbgioiodbic
7Star
api.myip.com/
\information.txt
os_crypt
logins
\Bither\bither.db
egjidjbpglichdcondbcbdnbeeppgdph
\.purple
grab_messengers
\multidoge.wallet
ld_geo
\cert9.db
\Ethereum\wallets
\Microsoft\Skype for Desktop\Local Storage
\foxmail.txt
An uncaught exception occurred_ip4:
\logins.json
Finnie
Orbitum
Daedalus Mainnet
Coinbase
SELECT name_on_card, exp_month, exp_year, last_four, nickname FROM masked_credit_cards
\ElectrumLTC
Bitcoin
An uncaught exception occurred_ip0_1:
config
Elements Browser
CocCoc
bhghoamapcdpbohphigoooaddinpkbai
EVER Wallet
mkpegjkblkkefacfnmkajcjmabijhclg
\Steam
An uncaught exception occurred_ip4. The type was unknown so no information was available.
\IndexedDB
SMTP Password
\CatalinaGroup\Citrio\User Data
fmblappgoiilbgafhjklehhfifbdocee
mgffkfbidihjpoaomajlbgchddlicgpn
PaliWallet
dmkamcknogkgcdfhhbddcghachkejeap
cgeeodpfagjceefieflmdfphplkenlfk
Trezor Password Manager
key4.db
Display Resolution: %dx%d
ilgcnhelpchnceeipipijaljkblbcobl
GeroWallet
EdgeMS
Leap Terra Wallet
Guarda
Eternl
DiscordDevelopment
\Battle.net
ld_autorun_scheduler
Warning!
BBQCoin
grab_vpn
\TotalCommander
\Exodus\exodus.wallet
DiscordCanary
\Iridium\User Data
Megacoin
\Signal
\key4.db
winhttp.dll
Torch
EMartian Aptos Wallet
dngmlblcodfobpdpecaadgfbcggfjfnm
\Cookies
Terracoin
phkbamefinggmakgklpkljjmgibohnba
dkdedlpgdmmkkfjabffeganieamfklkm
HVNC.dll
\Torch\User Data
\Monero\wallets
\OpenVPN Connect\profiles
Brave
nkddgncdjgjfcddamfgcmfnlhccnimig
ejjladinnckdgjemekebdpeokbikhfci
Work Dir: %s
\Atomic
mark_check_passwords
\OpenVPN Connect
\Minecraft
\liebao\User Data
ld_name
MewCx
\Google(x86)\Chrome\User Data
jojhfeoedkpkglbfimdfabpdfjaoolaf
fnjhmkhhmkbjkkabndcnnogagogbneec
Display Language: %ws
\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
\LocalPrefs.json
jnkelfanjkeadonecabehalmbgpfodjm
\Sync Extension Settings\
uCozMedia
Sender Wallet
cphhlgmgameodnhkjdmkpanlelnlohao
\Microsoft\Edge\User Data
HTTP Password
ProductName
jnlgamecbpmbajjfhmmmlhejkemejdma
efbglgofoippbgcjepnhiblaibcnclgk
hostname
EOS Authenticator
country
\launcher_msa_credentials.bin
\accounts.xml
AdobeUpdaterV
ForboleX
Profiles/
An uncaught exception occurred_ip0_2. The type was unknown so no information was available.
nkbihfbeogaeaoehlefnkodbefgpgknn
pdadjkfkgcafgbceimcpbkalnfnepbnk
Keyboard Languages:
Ledger Live
Computer Name: %s
NetboxBrowser
\CryptoTab Browser\User Data
names
SMTP Server
fihkakfobkmkjojpchpfgcmhfjnmnfpi
\Binance\app-store.json
\Electrum-LTC\wallets
\Cookies.txt
www.maxmind.com/geoip/v2.1/city/me
NVIDIA
\databases
cjmkndjhnagcfbpiemnkdpomccnjblmj
\config
\MapleStudio\ChromePlus\User Data
An uncaught exception occurred_ip1:
UserName: %s
\discordptb
Comodo
NiftyWallet
IP: %s
\.minecraft\launcher_msa_credentials.bin
GAuth Authenticator
\Chedot\User Data
ld_url
mark_countries
\NetboxBrowser\User Data
mnfifefkajgofkcjkemidiaecocnkjeh
\Chromodo\User Data
domain
An uncaught exception occurred_ip0_1. The type was unknown so no information was available.
\Games
CloverWallet
Token: %s
use_hvnc
Epic Privacy Browser
\com.liberty.jaxx
\MultiDoge
E-MAIL: %s
\Growtopia
QIP Surf
schtasks /create /f /RU "
Battle.net
C:\program files (x86)\steam
fhbohimaelbohpjbbldcngcnapndodjp
Phantom
password
MetaMask
\Monero
Authenticator
Eth and Polk Web3 Wallet
DisplayVersion
Opera
SaturnWallet
\Binance
Chedot
KardiaChain
Version: %s
b.B}T
ld_marks
ld_autorun_registry
bgpipimickeadkjlklgciifhnalhdjhe
An uncaught exception occurred1:
\launcher_accounts.json
\Comodo\User Data
kpfopkelmapcoipemfendmdcghnegimn
\Google\Chrome\User Data
Storage: %s
db-ip.com/demo/home.php?s=
Date: %s
demoInfo
\GoogleAccounts
aeachknmefphepccionboohckonoeemg
cert8.db
flpiciilemghbmfalicajoolhkkenfel
mark_check_cookies
grab_wallets
Chromodo
\Jaxx Liberty
Freicoin
\Guarda
ibnejdfjmmkpcnlpebklmnkoeoihofec
WavesKeeper
SELECT encryptedUsername, encryptedPassword, formSubmitURL FROM moz_logins
\Network
\Chromium\User Data
Harmony
jbdaocneiiinmjbjlgalhcelgbejmnid
aiifbnbfobpmeekipheeijimdpnlpgpp
gojhcdgcpbpfigcaejpfhfegekdgiblk
\ICQ\0001
\Browsers
Florincoin
[Software]
\Ethereum
\Exodus
\Coinomi\Coinomi\wallets
\Comodo\Dragon\User Data
slickSlideAnd
\Kometa\User Data
%s [%d]
\QIP Surf\User Data
Sollet
\Coinomi
\bither.db
liebao
Ixcoin
\Electrum
URL: %s
\Skype
grab_ds
\K-Melon\User Data
CyanoWallet
Opera Wallet
Vivaldi
Trust Wallet
kncchdigobghenbbaddojjnnaogfppfj
\Elements Browser\User Data
User Name: %s
fnnegphlobjdpkhecapkijjdkgcjhkib
blnieiiffboillknjnepogjhkgnoapac
YACoin
\discordcanary
bfnaelmomeimhlpmgjnjophhpkkoljpa
\Session Storage
GoldCoin (GLD)
Maiar DeFi Wallet
\BraveSoftware\Brave-Browser\User Data
Network\
encryptedPassword
mark_check_history
login
grab_screen
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Backpack
Franko
Software\Microsoft\Windows\CurrentVersion\Run
\Orbitum\User Data
MathWallet
\Electrum\wallets
\Pidgin
AuroWallet
\passwords.txt
\.feather\accounts.json
log_watermark_line_1
Citrio
cnmamaachppnkjgnildpdmkaakejnhae
Processor: %s
Yandex
360Browser
Petra Aptos Wallet
devcoin
NtTerminateProcess
log_watermark_line_2
oeljdldpnmdbchonielidgobddffflal
DisplayName
\cert8.db
ffnbelfdoeiohenkjibnmadjiehjhajb
Solflare
\GHISLER\wcx_ftp.ini
C:\program files\steam
\Vivaldi\User Data
profile
nlbmnnijcnlegkjjpcfjclmcfggfefdm
[Processes]
\Element\Local Storage
LiqualityWallet
An uncaught exception occurred1. The type was unknown so no information was available.
\signons.sqlite
lpfcbjknijpeeillifnkikgncikgfhdo
\wcx_ftp.ini
\Coowon\Coowon\User Data
\Wasabi
gjagmgiddbbciopjhllkdnddhcglnemk
ProcessorNameString
\key3.db
MSIUpdaterV
\Nichrome\User Data
\Bither
Discord
IOCoin
/ %s
TezBox
NeoLine
An uncaught exception occurred_ip1. The type was unknown so no information was available.
\Jaxx
\ElectronCash
Mincoin
Magic Eden Wallet
Amigo
nanjmdknhkinifnkgdcggcfnhdaammmj
\Yandex\YandexBrowser\User Data
cards
fhilaheimglignddkjgofkcbgekhenbh
BraveWallet
\.minecraft\launcher_profiles.json
CryptoTab
This program is a virus. Do you really want to run it?
\ey_tokens.txt
Zcash
\.tlauncher\mcl\Minecraft\game\tlauncher_profiles.json
Chrome
%s [%s]
key3.db
\Amigo\User\User Data
countryCode
kmhcihpebfmpgmihbkipmjlmmioameka
ChromePlus
Wombat
epapihdplajcdnnkdeiahlgigofloibg
digitalcoin
An uncaught exception occurred_ip0_2:
Coowon
LG" /sc ONLOGON /rl HIGHEST
iso_code
\CocCoc\Browser\User Data
fhmfendgdocmcbmfikdcogofphimnkno
lpilbniiabackdjcionkobglmddfbcjo
https://
hpglfhgfnhbgpjdenjgmdgoeiappafln
\.minecraft\launcher_accounts.json
ld_autorun_shell
Path: %s
\Discord
Chromium
\Messengers
HR" /sc HOURLY /rl HIGHEST
Sputnik
Yoroi
afbcbjpbpfadlkmhmclhkeeodmamcflc
APPDATA
Namecoin
" /tr "
Keplr
Terra
BinanceChainWallet
cookies
odbfpeeihdkbihmopkbjmoonfanlbfcl
Local Time: %d/%d/%d %d:%d:%d
\MultiDoge\multidoge.wallet
OKX Wallet
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
GuildWallet
value
\Epic Privacy Browser\User Data
aflkmfhebedbjioipglgcbcmnbpgliof
\Jaxx\Local Storage
grab_ihistory
WININET.DLL
iWallet
\launcher_profiles.json
aijcbedoijmgnlmjeegjaglmepbmpkpi
An uncaught exception occurred_ip2. The type was unknown so no information was available.
Exodus_E
ChromiumViewer
hcflpincpppdclinealmandijcmnkbgn
Bolt X
\Growtopia\save.dat
nhnkbkgjikgcigadomkphalanndcapjk
grab_tg
\profiles.ini
ALLUSERSPROFILE
Login: %s
grab_ftp
Reddcoin
I&}P?
Location: %s, %s
HARDWARE\DESCRIPTION\System\CentralProcessor\0
Temple
coin98
Hashpack
\accounts.txt
kkpllkodjeloidieedojogacfhpaihoh
%s\%s
Oxygen
\tlauncher_profiles.json
Jaxx Liberty Extension
Windows: %s [%s]
1.1.1.1
\CentBrowser\User Data
EQUALWallet
\FeatherClient
\Passwords.txt
Steam
ICONex
POP3 Password
\Armory
XDEFI Wallet
ipinfo.io/widget/demo/
Iridium
VideoCard #%d: %s
api64.ipify.org/?format=json
CPU Count: %d
merge_browser_data
Rabby
Chrome (x86)
RoninWallet
heidi
gtokens
\discord.txt
PolymeshWallet
\Uran\User Data
\atomic\Local Storage
\Opera Software
WindowsCredentials
LocalPrefs.json
\NVIDIA Corporation\NVIDIA GeForce Experience
Dragon
\TLauncher
Infinitecoin
USERPROFILE
Pontem Aptos Wallet
Unknown
\LunarClient
cjelfplplebdjjenllpjcblmjkfcffne
\History
Litecoin
\FileZilla
[Hardware]
DiscordPTB
aodkkagnadcbobfpggfnjeongemjbjca
" /tn "
Braavos wallet
\config.json
K-Melon
Dogecoin
log_watermark_line_3
BitAppWallet
\Local Storage
\360Browser\Browser\User Data
RAM: %u MB
acmacodkjbdgmoleebolmdjonilkdbch
SELECT host_key, is_httponly, path, is_secure, expires_utc, name, value, encrypted_value FROM cookies
Profile
TronLink
\WalletWasabi\Client\Wallets
\7Star\7Star\User Data
formSubmitURL
\Maxthon3\User Data
\accounts.json
CentBrowser
adobe
Primecoin
Kometa
SOFTWARE\Microsoft\Cryptography
No Malware configuration.
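The string table above is the most useful artefact in this report, because the sample did not reach its payload in the sandbox. The following Python is an added example, not ANY.RUN's code and not code from the sample: it takes a subset of the strings listed above (copied verbatim from the report) and sorts them into the buckets an analyst uses for triage (32-character strings drawn only from the letters a to p are Chrome extension IDs, here the browser-wallet extensions the stealer targets; the SELECT statements are the queries it runs against Chromium and Firefox profile databases; the bare hostnames are public IP-geolocation services used for the "IP:" and "Location:" fields of the log). It then reassembles the schtasks fragments into the persistence command they imply and turns that into a regex run over constructed Sysmon-style command lines. The order in which the fragments are joined, the sample command lines, the user name and the task names (which borrow the "MSIUpdaterV" string from the report as an assumed prefix) are assumptions made for this example.

```python
"""Triage of the RisePro string table above (added example; not ANY.RUN's
code and not the sample's code). Groups reported strings into analyst
buckets and turns the schtasks fragments into a persistence detection."""
import re

# Subset of the 493 strings reported for PID 6768, copied from the report.
REPORT_STRINGS = [
    "imloifkgjagghnncjkhggdhalmcnfklk", "nkbihfbeogaeaoehlefnkodbefgpgknn",
    r"\Exodus\exodus.wallet", r"\Electrum\wallets", r"\Google\Chrome\User Data",
    "SELECT host_key, is_httponly, path, is_secure, expires_utc, name, value, "
    "encrypted_value FROM cookies",
    "SELECT encryptedUsername, encryptedPassword, formSubmitURL FROM moz_logins",
    "SELECT name_on_card, exp_month, exp_year, last_four, nickname FROM masked_credit_cards",
    "api.myip.com/", "api64.ipify.org/?format=json", "ipinfo.io/widget/demo/",
    "db-ip.com/demo/home.php?s=", "www.maxmind.com/geoip/v2.1/city/me",
    r"Software\Microsoft\Windows\CurrentVersion\Run", r"SOFTWARE\Microsoft\Cryptography",
    "MachineGuid", 'schtasks /create /f /RU "', '" /tr "', '" /tn "',
    'LG" /sc ONLOGON /rl HIGHEST', 'HR" /sc HOURLY /rl HIGHEST',
    "HVNC.dll", "use_hvnc", "Password: %s", "HWID: %s",
]

# Chrome extension IDs are exactly 32 characters from the alphabet a-p (hex
# digits shifted onto letters), which is why the wallet-extension targets look
# like random lowercase strings.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")
IP_LOOKUP_HOSTS = {"api.myip.com", "api64.ipify.org", "ipinfo.io", "db-ip.com", "www.maxmind.com"}
SCHTASKS_FRAGMENTS = {'" /tr "', '" /tn "'}


def classify(strings):
    """Sort stealer strings into the buckets used during triage."""
    buckets = {k: [] for k in ("extension_ids", "sql", "ip_lookup", "registry",
                               "schtasks", "paths", "other")}
    for s in strings:
        if EXT_ID_RE.match(s):
            buckets["extension_ids"].append(s)
        elif s.startswith("SELECT "):
            buckets["sql"].append(s)
        elif s.split("/")[0] in IP_LOOKUP_HOSTS:
            buckets["ip_lookup"].append(s)
        elif s.upper().startswith(("SOFTWARE\\", "HARDWARE\\")):
            buckets["registry"].append(s)
        elif "schtasks" in s or " /sc " in s or s in SCHTASKS_FRAGMENTS:
            buckets["schtasks"].append(s)
        elif s.startswith("\\"):
            buckets["paths"].append(s)
        else:
            buckets["other"].append(s)
    return buckets


# Reassembled from the fragments the report lists: 'schtasks /create /f /RU "',
# '" /tr "', '" /tn "', 'LG" /sc ONLOGON /rl HIGHEST' and 'HR" /sc HOURLY /rl HIGHEST'.
# Joining them in this order is an assumption (it is the natural schtasks order).
# Two tasks result: <name>LG at every logon and <name>HR hourly, both at the
# highest run level.
SCHTASKS_RE = re.compile(
    r'schtasks\s+/create\s+/f\s+/RU\s+"(?P<user>[^"]*)"\s+/tr\s+"(?P<target>[^"]*)"'
    r'\s+/tn\s+"(?P<task>[^"]*(?P<suffix>LG|HR))"\s+/sc\s+(?P<sched>ONLOGON|HOURLY)'
    r'\s+/rl\s+HIGHEST',
    re.IGNORECASE,
)
SUFFIX_FOR_SCHEDULE = {"ONLOGON": "LG", "HOURLY": "HR"}


def detect_persistence(cmdline):
    """Return task details if a command line has the RisePro schtasks shape, else None."""
    m = SCHTASKS_RE.search(cmdline)
    if not m:
        return None
    sched = m["sched"].upper()
    return {
        "user": m["user"],
        "target": m["target"],
        "task": m["task"],
        "schedule": sched,
        # Task-name suffix and schedule must agree (LG with ONLOGON, HR with HOURLY).
        "suffix_matches_schedule": SUFFIX_FOR_SCHEDULE[sched] == m["suffix"].upper(),
    }


# Constructed Sysmon-style (Event ID 1) command lines for this example; not from
# the report. The task name reuses "MSIUpdaterV" from the report as an assumed prefix.
SAMPLE_CMDLINES = [
    r'schtasks /create /f /RU "DESKTOP-1\admin" /tr "C:\Users\admin\AppData\Local\Temp\update.exe" /tn "MSIUpdaterV2LG" /sc ONLOGON /rl HIGHEST',
    r'schtasks /create /f /RU "DESKTOP-1\admin" /tr "C:\Users\admin\AppData\Local\Temp\update.exe" /tn "MSIUpdaterV2HR" /sc HOURLY /rl HIGHEST',
    r'schtasks /create /tn "OneDrive Standalone Update Task" /tr "%LOCALAPPDATA%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe" /sc DAILY',
]


def scan(cmdlines):
    """Return only the command lines that match the persistence pattern."""
    return [hit for hit in (detect_persistence(c) for c in cmdlines) if hit]


if __name__ == "__main__":
    for bucket, items in classify(REPORT_STRINGS).items():
        print(f"{bucket:14s} {len(items):2d}  {items[:2]}")
    for hit in scan(SAMPLE_CMDLINES):
        print(hit["task"], hit["schedule"], hit["target"])
```

The regex is deliberately tight: the `/f /RU "<user>" /tr "<path>" /tn "<name>LG|HR" /sc ONLOGON|HOURLY /rl HIGHEST` combination, with the task-name suffix tied to the schedule, is what separates this stealer's two tasks from the many legitimate `schtasks /create` invocations on a workstation, so the benign OneDrive line in the constructed sample is not flagged. Pair it with a watch on the `Software\Microsoft\Windows\CurrentVersion\Run` key, which also appears in the string table.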

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:12 07:50:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.34
CodeSize: 1092608
InitializedDataSize: 408064
UninitializedDataSize: -
EntryPoint: 0x4a6e18
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 22.22.795.2
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: French
CharacterSet: Unicode
CompanyName: INOVA
FileDescription: -
FileVersion: 22.22.795.2
Version: 22.22.795.2
LegalCopyright: -
WDVersion: 22
ProductName: qrcaisse
ProductVersion: 22.22.795.2
No data.
All screenshots are available in the full report
Total processes: 137
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start: 1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe (#RISEPRO, no specs); slui.exe (no specs)

Process information

PID: 2696
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6768
CMD: "C:\Users\admin\AppData\Local\Temp\1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe"
Path: C:\Users\admin\AppData\Local\Temp\1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe
Indicators: RISEPRO has been detected (YARA)
Parent process: explorer.exe
User: admin
Company: INOVA
Integrity Level: MEDIUM
Version: 22.22.795.2
Modules
Images
c:\users\admin\appdata\local\temp\1ba8ffaf9d90746deccc9a9d97fb6ffeea76fb222cd3e1afd8704032e1cf0bad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 236
Read events: 236
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 21
DNS requests: 17
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Type | Reputation
4520 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 23.216.77.20:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6820 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
 | | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3400 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
4520 | svchost.exe | 40.126.31.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4520 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 23.216.77.20:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 216.58.206.46
whitelisted
login.live.com
  • 40.126.31.2
  • 40.126.31.128
  • 40.126.31.130
  • 20.190.159.129
  • 20.190.159.131
  • 40.126.31.129
  • 20.190.159.130
  • 20.190.159.0
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
crl.microsoft.com
  • 23.216.77.20
  • 23.216.77.25
  • 23.216.77.8
  • 23.216.77.19
  • 23.216.77.36
  • 23.216.77.42
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
slscr.update.microsoft.com
  • 74.178.76.128
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
self.events.data.microsoft.com
  • 51.116.253.169
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info