URL:

https://sur.hisgames.org/baldi-s-baswics-plus

Full analysis: https://app.any.run/tasks/b1476d3a-196f-448a-a563-db6e97c00b4c
Verdict: Malicious activity
Analysis date: April 12, 2024, 12:10:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

328608E25FA37BC3A5303911D389EDC2

SHA1:

3C00D35968DE2BA0A53E07C673CDB1C07484003E

SHA256:

360F7F82122BC15BB849BE0D7D9BCD1E1B2518AADE96160C8E593EB03C6A9D01

SSDEEP:

3:N8dpYPlBIVeWn:2kPlqeWn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
  • SUSPICIOUS

    • Cleans NTFS data stream (Zone Identifier)

      • explorer.exe (PID: 1164)
    • Adds/modifies Windows certificates

      • explorer.exe (PID: 1164)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Executable content was dropped or overwritten

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • expand.exe (PID: 4072)
    • Application launched itself

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
    • The process creates files with name similar to system file names

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Reads the date of Windows installation

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Reads the Internet Settings

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
      • dstudio-gui.exe (PID: 1092)
    • Checks Windows Trust Settings

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Reads settings of System Certificates

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Reads security settings of Internet Explorer

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
    • The process drops C-runtime libraries

      • expand.exe (PID: 4072)
    • Creates a software uninstall entry

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Process drops legitimate windows executable

      • expand.exe (PID: 4072)
    • Reads Microsoft Outlook installation path

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Reads Internet Explorer settings

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Process requests binary or script from the Internet

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
  • INFO

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 1164)
    • Reads settings of System Certificates

      • explorer.exe (PID: 1164)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3936)
      • expand.exe (PID: 4072)
    • Manual execution by a user

      • explorer.exe (PID: 3844)
    • The process uses the downloaded file

      • msedge.exe (PID: 1072)
      • explorer.exe (PID: 1164)
    • Reads the Internet Settings

      • explorer.exe (PID: 1164)
    • Creates files or folders in the user directory

      • explorer.exe (PID: 1164)
      • dstudio-gui.exe (PID: 1092)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • dstudio.exe (PID: 1548)
    • Reads the software policy settings

      • explorer.exe (PID: 1164)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 3936)
    • Checks supported languages

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • dstudio-gui.exe (PID: 1092)
      • dstudio.exe (PID: 1548)
      • QtWebEngineProcess.exe (PID: 4048)
    • Application launched itself

      • msedge.exe (PID: 3936)
    • Reads the computer name

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • dstudio-gui.exe (PID: 1092)
      • dstudio.exe (PID: 1548)
    • Create files in a temporary directory

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • dstudio-gui.exe (PID: 1092)
    • Process checks whether UAC notifications are on

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 3892)
    • Checks proxy server information

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
    • Reads the machine GUID from the registry

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • dstudio-gui.exe (PID: 1092)
      • dstudio.exe (PID: 1548)
    • Creates files in the program directory

      • Baldi's Basics Plus[52IVJd0Lg].exe (PID: 1816)
      • expand.exe (PID: 4072)
    • Process checks computer location settings

      • dstudio-gui.exe (PID: 1092)
      • QtWebEngineProcess.exe (PID: 4048)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
77
Monitored processes
33
Malicious processes
4
Suspicious processes
0

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs explorer.exe no specs explorer.exe baldi's basics plus[52ivjd0lg].exe baldi's basics plus[52ivjd0lg].exe dist_opera.exe no specs expand.exe dstudio-gui.exe qtwebengineprocess.exe no specs dstudio.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
124
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 --field-trial-handle=1380,i,8603895658676592411,8031679348240524251,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
240
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1380,i,8603895658676592411,8031679348240524251,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
920
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4184 --field-trial-handle=1380,i,8603895658676592411,8031679348240524251,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1072
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1380,i,8603895658676592411,8031679348240524251,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1092
CMD:
"C:\Program Files\Download Studio\dstudio-gui.exe" --open-hashid 52IVJd0Lg --force-run
Path:
C:\Program Files\Download Studio\dstudio-gui.exe
Parent process:
Baldi's Basics Plus[52IVJd0Lg].exe
User:
admin
Integrity Level:
MEDIUM
Description:
Download Studio GUI
Exit code:
1073741845
Version:
1.20.0.1
Modules
Images
c:\program files\download studio\dstudio-gui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\program files\download studio\miniupnpc.dll
c:\windows\system32\iphlpapi.dll
PID:
1164
CMD:
C:\Windows\Explorer.EXE
Path:
C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID:
1548
CMD:
"C:\Program Files\Download Studio\dstudio.exe" --quiet=true --event-poll=select --disable-ipv6=true --listen-port=59751 --enable-rpc=true --rpc-allow-origin-all=true --rpc-listen-port=17060 --rpc-secret=6a2feef8ed6a9fe76d6b3f30f02150b4 --continue=true --check-certificate=false --allow-overwrite=true --allow-piece-length-change=true --content-disposition-default-utf8=true --disk-cache=32M --auto-save-interval=5 --file-allocation=trunc --max-connection-per-server=100 --min-split-size=1M --split=20 --referer=* --max-overall-upload-limit=5M --max-concurrent-downloads=5 --bt-enable-lpd=true --bt-piece-selector=default --bt-max-peers=150 --bt-max-open-files=250 --bt-save-metadata=true --bt-load-saved-metadata=true --bt-request-peer-speed-limit=100K --seed-time=0 --enable-peer-exchange=true --enable-dht=true --dht-listen-port=59751 --dht-entry-point=dht.dstudio.app:6881 --dht-file-path="C:\Users\admin\AppData\Local\Download Studio\data\dht.dat" --save-session="C:\Users\admin\AppData\Local\Download Studio\data\session.dat" --save-session-interval=2 --input-file="C:\Users\admin\AppData\Local\Download Studio\data\session.dat" --user-agent=dstudio/1.20.0 --peer-agent=dstudio/1.20.0 --peer-id-prefix=-DS-1200- --stop-with-process=1092
Path:
C:\Program Files\Download Studio\dstudio.exe
Parent process:
dstudio-gui.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Download Studio Daemon
Exit code:
0
Version:
1.3.3.0
Modules
Images
c:\program files\download studio\dstudio.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
PID:
1692
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xdc,0x6bcdf598,0x6bcdf5a8,0x6bcdf5b4
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1780
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3664 --field-trial-handle=1380,i,8603895658676592411,8031679348240524251,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1796
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 --field-trial-handle=1380,i,8603895658676592411,8031679348240524251,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
36 030
Read events
35 706
Write events
285
Delete events
39

Modification events

(PID) Process: (1164) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation: write
Name: CheckSetting
Value:
(PID) Process: (3936) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0
(PID) Process: (3936) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2
(PID) Process: (3936) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:
(PID) Process: (3936) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:
01000000
(PID) Process: (3936) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
1
(PID) Process: (3936) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: dr
Value:
1
(PID) Process: (3936) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process: (3936) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1302019708-1500728564-335382590-1000
Value:
A7CFBC707B742F00
(PID) Process: (3936) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault
Operation: delete value
Name: S-1-5-21-1302019708-1500728564-335382590-1000
Value:
Executable files
72
Suspicious files
119
Text files
105
Unknown types
155

Dropped files

PID
Process
Filename
Type
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
binary
MD5:
SHA256:
1692
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma
binary
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variations
binary
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\003ae243-aa52-41ee-8ff9-5a8dc3de4b73.tmp
binary
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF182594.TMP
text
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version
text
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State
text
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF182611.TMP
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3936
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF182611.TMP
text
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
86
DNS requests
73
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1816
Baldi's Basics Plus[52IVJd0Lg].exe
GET
304
2.16.100.168:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?46430c10ee2fc378
DE
unknown
1164
explorer.exe
GET
200
52.217.195.13:80
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer
US
binary
1.72 Kb
unknown
1816
Baldi's Basics Plus[52IVJd0Lg].exe
GET
200
2.19.105.18:80
http://x1.c.lencr.org/
DE
binary
717 b
unknown
1816
Baldi's Basics Plus[52IVJd0Lg].exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D
US
binary
314 b
unknown
1080
svchost.exe
GET
200
95.101.54.113:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1dd404ff67a3d8ee
DE
compressed
68.3 Kb
unknown
1816
Baldi's Basics Plus[52IVJd0Lg].exe
GET
104.192.108.20:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe
US
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
3936
msedge.exe
239.255.255.250:1900
unknown
2364
msedge.exe
131.253.33.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2364
msedge.exe
13.107.43.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2364
msedge.exe
188.114.96.3:443
sur.hisgames.org
CLOUDFLARENET
NL
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2364
msedge.exe
216.58.206.36:443
www.google.com
GOOGLE
US
whitelisted
2364
msedge.exe
142.250.186.35:443
www.gstatic.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.43.16
whitelisted
sur.hisgames.org
  • 188.114.96.3
  • 188.114.97.3
unknown
edge.microsoft.com
  • 131.253.33.239
  • 13.107.22.239
whitelisted
www.google.com
  • 216.58.206.36
whitelisted
www.gstatic.com
  • 142.250.186.35
whitelisted
www.bing.com
  • 104.126.37.152
  • 104.126.37.160
  • 104.126.37.139
  • 104.126.37.146
  • 104.126.37.155
  • 104.126.37.137
  • 104.126.37.153
  • 104.126.37.162
  • 104.126.37.161
  • 104.126.37.184
  • 104.126.37.177
  • 104.126.37.171
  • 104.126.37.186
  • 104.126.37.179
  • 104.126.37.130
  • 104.126.37.136
  • 184.86.251.28
  • 184.86.251.14
  • 184.86.251.27
  • 184.86.251.7
  • 184.86.251.30
  • 184.86.251.12
  • 184.86.251.4
  • 184.86.251.26
  • 184.86.251.9
  • 23.15.178.145
  • 23.15.178.226
  • 23.15.178.146
  • 23.15.178.138
  • 23.15.178.137
  • 23.15.178.224
  • 23.15.178.251
  • 23.15.178.249
  • 23.15.178.234
whitelisted
fonts.gstatic.com
  • 142.250.185.195
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
whitelisted
fonts.googleapis.com
  • 216.58.206.42
  • 142.250.184.234
  • 142.250.186.170
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
dstudio-gui.exe
QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
dstudio-gui.exe
QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
dstudio-gui.exe
QObject::moveToThread: Cannot move objects with a parent
dstudio-gui.exe
QObject::moveToThread: Cannot move objects with a parent
dstudio-gui.exe
WebEngineContext used before QtWebEngine::initialize() or OpenGL context creation failed.
dstudio-gui.exe
QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
dstudio-gui.exe
QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
dstudio-gui.exe
QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
dstudio-gui.exe
QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
dstudio-gui.exe
QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001