URL:

https://filedoge.com/download/7758fa347ba128f8a31e84dcb95e4435702e1b9c422de27797262b1e0cbb6a1fa8122b34fdc09c34246d

Full analysis: https://app.any.run/tasks/9cfb5fe4-23cb-49d8-bd61-a77fd11f0c45
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software designed to gain unauthorized access to users' information and transfer it to the attacker. The stealer malware category includes various types of programs, each focused on its particular kind of data, such as files, passwords, and cryptocurrency. Stealers are also capable of spying on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: July 14, 2025, 08:20:11
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
ims-api
generic
zerotrace
api-base64
Indicators:
MD5:

B4ABE04D615653FC014BF8E85E54CE5B

SHA1:

E4624CE81671E57D4148CD0C3AB26905E3944643

SHA256:

1EBDFE3EA779C6C82A21E2BB2213D30306B6B9EBC31BC97E3DB689D62B08AE0B

SSDEEP:

3:N8TALd3BKLSjBmiMlmX9xCXUAsThEdUXGlgg1B:2KKmUlg9sslGT1B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • grpconv.exe (PID: 7844)
      • grpconv.exe (PID: 7904)
      • grpconv.exe (PID: 7980)
      • grpconv.exe (PID: 2032)
      • grpconv.exe (PID: 7776)
      • grpconv.exe (PID: 2136)
      • grpconv.exe (PID: 3580)
      • grpconv.exe (PID: 8124)
      • grpconv.exe (PID: 7456)
      • grpconv.exe (PID: 7588)
    • Actions looks like stealing of personal data

      • grpconv.exe (PID: 7844)
      • grpconv.exe (PID: 7904)
      • grpconv.exe (PID: 7980)
      • grpconv.exe (PID: 3980)
      • grpconv.exe (PID: 2032)
      • grpconv.exe (PID: 7776)
      • Build.exe (PID: 8156)
      • grpconv.exe (PID: 2136)
      • grpconv.exe (PID: 8124)
      • grpconv.exe (PID: 7456)
      • grpconv.exe (PID: 2996)
      • grpconv.exe (PID: 3580)
      • grpconv.exe (PID: 7588)
    • ZEROTRACE has been detected

      • Build.exe (PID: 8156)
      • Build.exe (PID: 6380)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 7892)
    • Changes powershell execution policy (Bypass)

      • Build.exe (PID: 8156)
    • Suspicious browser debugging (Possible cookie theft)

      • chrome.exe (PID: 5600)
      • chrome.exe (PID: 7260)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Build.exe (PID: 8008)
      • Build.exe (PID: 7532)
    • Application launched itself

      • Build.exe (PID: 8008)
      • Build.exe (PID: 7532)
    • Possible usage of Discord/Telegram API has been detected (YARA)

      • Build.exe (PID: 8156)
      • Build.exe (PID: 6380)
    • Multiple wallet extension IDs have been found

      • Build.exe (PID: 8156)
      • Build.exe (PID: 6380)
    • Starts POWERSHELL.EXE for commands execution

      • Build.exe (PID: 8156)
    • The process executes Powershell scripts

      • Build.exe (PID: 8156)
  • INFO

    • Reads the computer name

      • identity_helper.exe (PID: 7456)
      • Build.exe (PID: 8008)
      • Build.exe (PID: 8156)
      • Build.exe (PID: 6380)
      • Build.exe (PID: 7532)
    • Application launched itself

      • msedge.exe (PID: 1356)
      • chrome.exe (PID: 5600)
      • chrome.exe (PID: 7260)
    • Reads Environment values

      • identity_helper.exe (PID: 7456)
    • Checks supported languages

      • Build.exe (PID: 8008)
      • identity_helper.exe (PID: 7456)
      • Build.exe (PID: 8156)
      • Build.exe (PID: 7532)
      • Build.exe (PID: 6380)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 1356)
    • Process checks computer location settings

      • Build.exe (PID: 8008)
      • Build.exe (PID: 7532)
    • Reads the machine GUID from the registry

      • Build.exe (PID: 8156)
      • Build.exe (PID: 6380)
    • Create files in a temporary directory

      • grpconv.exe (PID: 7436)
      • grpconv.exe (PID: 1036)
      • grpconv.exe (PID: 7904)
      • grpconv.exe (PID: 7708)
      • grpconv.exe (PID: 3644)
      • grpconv.exe (PID: 2032)
      • grpconv.exe (PID: 7776)
      • Build.exe (PID: 8156)
      • grpconv.exe (PID: 3580)
      • grpconv.exe (PID: 7588)
      • Build.exe (PID: 6380)
    • Creates files or folders in the user directory

      • grpconv.exe (PID: 7436)
      • grpconv.exe (PID: 1036)
      • grpconv.exe (PID: 5400)
      • grpconv.exe (PID: 7888)
      • grpconv.exe (PID: 7844)
      • grpconv.exe (PID: 7980)
      • grpconv.exe (PID: 7796)
      • grpconv.exe (PID: 7904)
      • grpconv.exe (PID: 6828)
      • grpconv.exe (PID: 3460)
      • grpconv.exe (PID: 7708)
      • grpconv.exe (PID: 3644)
      • grpconv.exe (PID: 3980)
      • grpconv.exe (PID: 2032)
      • grpconv.exe (PID: 5104)
      • grpconv.exe (PID: 2136)
      • grpconv.exe (PID: 7776)
      • grpconv.exe (PID: 7868)
      • grpconv.exe (PID: 3580)
      • grpconv.exe (PID: 7956)
      • grpconv.exe (PID: 8068)
      • grpconv.exe (PID: 8124)
      • grpconv.exe (PID: 7852)
      • grpconv.exe (PID: 2996)
      • grpconv.exe (PID: 7456)
      • grpconv.exe (PID: 7588)
    • Potential dynamic function import (Base64 Encoded 'GetProcAddress')

      • Build.exe (PID: 8156)
    • Potential access to remote process (Base64 Encoded 'OpenProcess')

      • Build.exe (PID: 8156)
    • Potential library load (Base64 Encoded 'LoadLibrary')

      • Build.exe (PID: 8156)
    • Potential remote process memory reading (Base64 Encoded 'ReadProcessMemory')

      • Build.exe (PID: 8156)
    • Reads Microsoft Office registry keys

      • grpconv.exe (PID: 3460)
      • grpconv.exe (PID: 7852)
    • Reads Windows Product ID

      • grpconv.exe (PID: 3460)
      • grpconv.exe (PID: 7852)
    • Reads CPU info

      • Build.exe (PID: 8156)
      • Build.exe (PID: 6380)
    • Disables trace logs

      • powershell.exe (PID: 7892)
    • Checks proxy server information

      • powershell.exe (PID: 7892)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report

ims-api

(PID) Process: (8156) Build.exe
Telegram-Tokens (1)
6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc
Telegram-Info-Links
6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc
Get info about bot: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/getMe
Get incoming updates: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/getUpdates
Get webhook: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/getWebhookInfo
Delete webhook: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/deleteWebhook
Drop incoming updates: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/deleteWebhook?drop_pending_updates=true
(PID) Process: (6380) Build.exe
Telegram-Tokens (1)
6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc
Telegram-Info-Links
6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc
Get info about bot: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/getMe
Get incoming updates: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/getUpdates
Get webhook: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/getWebhookInfo
Delete webhook: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/deleteWebhook
Drop incoming updates: https://api.telegram.org/bot6816087249:AAFOR_xhE5bidJ4to7oTLE2e_3aO0VU0shc/deleteWebhook?drop_pending_updates=true
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
227
Monitored processes
84
Malicious processes
20
Suspicious processes
0

Behavior graph

[Behavior graph image not included in this extract. Process nodes shown in the graph: msedge.exe, identity_helper.exe, build.exe (flagged #ZEROTRACE), grpconv.exe, powershell.exe, conhost.exe, chrome.exe, slui.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1036
CMD:
"C:\Windows\SysWOW64\grpconv.exe" /stext "C:\Users\admin\AppData\Roaming\AlternativeEdgeCookies-output_20250714082029.txt"
Path:
C:\Windows\SysWOW64\grpconv.exe
Parent process:
Build.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
1200
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2888,i,17633971037214336939,1444935204193999389,262144 --disable-features=PaintHolding --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=2880 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1356
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://filedoge.com/download/7758fa347ba128f8a31e84dcb95e4435702e1b9c422de27797262b1e0cbb6a1fa8122b34fdc09c34246d"
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
4294967295
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1732
CMD:
"C:\Windows\SysWOW64\grpconv.exe" /stext "C:\Users\admin\AppData\Roaming\ExtensionsView-output_20250714082049.txt"
Path:
C:\Windows\SysWOW64\grpconv.exe
Parent process:
Build.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
4294967295
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID:
2032
CMD:
"C:\Windows\SysWOW64\grpconv.exe" /stext "C:\Users\admin\AppData\Roaming\Autofill-output_20250714082029.txt"
Path:
C:\Windows\SysWOW64\grpconv.exe
Parent process:
Build.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
2120
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x304,0x308,0x30c,0x2fc,0x314,0x7ffc431af208,0x7ffc431af214,0x7ffc431af220
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
4294967295
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2136
CMD:
"C:\Windows\SysWOW64\grpconv.exe" /stext "C:\Users\admin\AppData\Roaming\ChromeV20-output_20250714082049.txt"
Path:
C:\Windows\SysWOW64\grpconv.exe
Parent process:
Build.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\user32.dll
PID:
2160
CMD:
"C:\Windows\SysWOW64\grpconv.exe" /stext "C:\Users\admin\AppData\Roaming\InstalledApps-output_20250714082049.txt"
Path:
C:\Windows\SysWOW64\grpconv.exe
Parent process:
Build.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
4294967295
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID:
2272
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2824,i,17633971037214336939,1444935204193999389,262144 --disable-features=PaintHolding --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=2820 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
2348
CMD:
"C:\Windows\SysWOW64\grpconv.exe" /stext "C:\Users\admin\AppData\Roaming\WorkingTasks-output_20250714082049.txt"
Path:
C:\Windows\SysWOW64\grpconv.exe
Parent process:
Build.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
4294967295
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events
20 637
Read events
20 597
Write events
40
Delete events
0

Modification events

(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
1
(PID) Process: (1356) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value:
3EF80A9D75982F00
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\787138
Operation: write
Name: WindowTabManagerFileMappingId
Value:
{3BEE3242-BE92-4929-955D-553A249B7553}
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\787138
Operation: write
Name: WindowTabManagerFileMappingId
Value:
{4096BC98-6653-4FD5-A72D-7F6E851B20E5}
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\787138
Operation: write
Name: WindowTabManagerFileMappingId
Value:
{32162BA4-CC86-4A65-BEDB-1CFCCB848E81}
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
(PID) Process: (1356) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Operation: write
Name: Enabled
Value:
0
Executable files
3
Suspicious files
112
Text files
148
Unknown types
48

Dropped files

PID
Process
Filename
Type
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1756f9.TMP
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF175709.TMP
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF175709.TMP
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF175719.TMP
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF175738.TMP
MD5:
SHA256:
PID: 1356
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
89
DNS requests
88
Threats
16

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6948
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:e21UIi7fwKkLrurrv7WUN5HlZsSmYTWB_stiE8Jb4uo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2072
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7808
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7420
chrome.exe
GET
200
216.58.206.46:80
http://clients2.google.com/time/1/current?cup2key=8:FRMCCr8uzIC7VuBa2_2TG3hjlfbcwrOX-8WTAB8IHBg&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
7808
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5328
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6344
chrome.exe
GET
200
216.58.206.46:80
http://clients2.google.com/time/1/current?cup2key=8:9S2hm-1u11S40fzscXkAEfJd75FKOzGDvxZFYDbgTtE&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1984
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6948
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6948
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6948
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6948
msedge.exe
2.16.241.220:443
copilot.microsoft.com
Akamai International B.V.
DE
whitelisted
6948
msedge.exe
172.67.199.152:443
filedoge.com
CLOUDFLARENET
US
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.110
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
filedoge.com
  • 172.67.199.152
  • 104.21.36.207
unknown
copilot.microsoft.com
  • 2.16.241.220
  • 2.16.241.224
whitelisted
www.bing.com
  • 2.16.241.223
  • 2.16.241.221
  • 2.16.241.197
  • 2.16.241.222
  • 2.16.241.220
  • 2.16.241.203
  • 2.16.241.205
  • 2.16.241.219
  • 2.16.241.200
  • 2.16.241.207
  • 2.16.241.212
  • 2.16.241.208
  • 2.16.241.214
  • 2.16.241.206
whitelisted
www.googletagmanager.com
  • 142.250.185.136
whitelisted
img.buymeacoffee.com
  • 172.67.75.15
  • 104.26.3.199
  • 104.26.2.199
whitelisted
region1.google-analytics.com
  • 216.239.34.36
  • 216.239.32.36
whitelisted

Threats

PID
Process
Class
Message
6948
msedge.exe
Misc activity
ET FILE_SHARING Anonymous File Sharing Service Domain in DNS Lookup
6948
msedge.exe
Misc activity
ET FILE_SHARING Anonymous File Sharing Service Domain in DNS Lookup
6948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6948
msedge.exe
Misc activity
ET FILE_SHARING Anonymous File Sharing Service Domain in DNS Lookup
6948
msedge.exe
Misc activity
ET FILE_SHARING Observed Anonymous File Sharing Service Domain in TLS SNI
6948
msedge.exe
Misc activity
ET FILE_SHARING Anonymous File Sharing Service Domain in DNS Lookup
6948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6948
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6948
msedge.exe
Misc activity
ET FILE_SHARING Observed Anonymous File Sharing Service Domain in TLS SNI
Process
Message
chrome.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\Google\Chrome\User Data directory exists )
chrome.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\Google\Chrome\User Data directory exists )