File name:

Game.exe

Full analysis: https://app.any.run/tasks/6ed9906b-aa26-4a78-93dd-1152f6cd80c2
Verdict: Malicious activity
Analysis date: April 01, 2025, 02:08:46
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

565674B212542B0BC4168234A00B4126

SHA1:

6246930050CFF1BFABFD5F2C50120E25FB2212A4

SHA256:

4023C2F4F679AEF5A96FA4CFF457DD6047A90A3B929C260887046C4BE9E484B3

SSDEEP:

3072:2IYpGMuqWDzyUExux6pWzIhocSzGXiYd6EhBvdYVd8S:2/pzWDzYxuxYFacnXiYd6+BvKVd8S

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 6252)
    • Run PowerShell with an invisible window

      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 6252)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Starts itself from another location

      • Game.exe (PID: 5216)
    • Executable content was dropped or overwritten

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Executes application which crashes

      • Game.exe (PID: 4228)
    • The process creates files with name similar to system file names

      • Game_patch-run.exe (PID: 1276)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Game_patch-run.exe (PID: 1276)
    • Executing commands from a ".bat" file

      • Game_patch-run.exe (PID: 1276)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 4696)
      • cmd.exe (PID: 8116)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4696)
      • Game_patch-run.exe (PID: 1276)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 4696)
    • Application launched itself

      • cmd.exe (PID: 4696)
    • There is functionality for taking screenshot (YARA)

      • Game_patch-run.exe (PID: 1276)
    • Probably obfuscated PowerShell command line is found

      • cmd.exe (PID: 4696)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 4696)
    • The process executes Powershell scripts

      • cmd.exe (PID: 4696)
    • Manipulates environment variables

      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 6252)
      • powershell.exe (PID: 1812)
    • Hides errors and continues executing the command without stopping

      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 6252)
  • INFO

    • Reads the computer name

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
      • Game.exe (PID: 4228)
      • identity_helper.exe (PID: 7184)
      • identity_helper.exe (PID: 6892)
    • Create files in a temporary directory

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Process checks computer location settings

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Checks supported languages

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
      • Game.exe (PID: 4228)
      • identity_helper.exe (PID: 7184)
      • identity_helper.exe (PID: 6892)
    • Reads the machine GUID from the registry

      • Game.exe (PID: 4228)
    • Application launched itself

      • msedge.exe (PID: 6040)
      • msedge.exe (PID: 1568)
      • firefox.exe (PID: 8088)
      • firefox.exe (PID: 2616)
    • Manual execution by a user

      • msedge.exe (PID: 1568)
      • firefox.exe (PID: 8088)
    • Uses string replace method (POWERSHELL)

      • powershell.exe (PID: 4980)
      • powershell.exe (PID: 7916)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 1672)
      • Game_patch-run.exe (PID: 1276)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 8132)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 6252)
    • Reads Environment values

      • identity_helper.exe (PID: 7184)
      • identity_helper.exe (PID: 6892)
    • Checks proxy server information

      • slui.exe (PID: 8088)
    • Reads the software policy settings

      • slui.exe (PID: 1324)
      • slui.exe (PID: 8088)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 8108)
    • The sample compiled with english language support

      • msedge.exe (PID: 8108)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3645
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
239
Monitored processes
99
Malicious processes
4
Suspicious processes
3

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID:
444
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6412 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
632
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2812 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
780
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
928
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240213221259 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a2d5fc3-a295-47a1-8d06-379804a76451} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" 254a4befd10 gpu
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
PID:
1096
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6592 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1196
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1556 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1276
CMD:
"C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe" C:\Users\admin\AppData\Local\Temp
Path:
C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe
Parent process:
Game.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\game_patch-run.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
1324
CMD:
"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path:
C:\Windows\System32\slui.exe
Parent process:
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1328
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2212 --field-trial-handle=2328,i,11782486653948857877,11933118814671008274,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1568
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://getadblocktag.com/v1/s/t/info?a=ins&sub=ADHWWZX&n=Game&bucket=S13SPB2Z_2025-04X&u=815489132576157971574863482183
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
63 799
Read events
63 709
Write events
87
Delete events
3

Modification events

(PID) Process: (1672) WerFault.exe
Key: \REGISTRY\A\{f91dcdb3-0bd4-9072-db9f-f1df49939d44}\Root\InventoryApplicationFile
Operation: write
Name: WritePermissionsCheck
Value: 1

(PID) Process: (1672) WerFault.exe
Key: \REGISTRY\A\{f91dcdb3-0bd4-9072-db9f-f1df49939d44}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation: delete key
Name: (default)
Value:

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6040) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6040) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 24D7234E44902F00

(PID) Process: (1568) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (1568) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2
Executable files
53
Suspicious files
1 196
Text files
241
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 1672
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Game.exe_e6159ebf926c70ee51b3becda91393bfb8c3a_ec47739b_5ed3e17d-00b0-4122-be1a-7284d46a1288\Report.wer
Type:
MD5:
SHA256:

PID: 1672
Process: WerFault.exe
Filename: C:\Users\admin\AppData\Local\CrashDumps\Game.exe.4228.dmp
Type:
MD5:
SHA256:

PID: 1276
Process: Game_patch-run.exe
Filename: C:\Users\admin\AppData\Local\Features\jwisytlbuwpxuehrnkmaywehstrjx\interface.html
Type: html
MD5: 654BD04DF4F45643537D9C5E0FD3D351
SHA256: 75C49EC78F92A8C7E1F98C579F693BB1A3A2FB1C4E695A1ED5912BFBB33F5A86

PID: 5216
Process: Game.exe
Filename: C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe
Type: executable
MD5: 565674B212542B0BC4168234A00B4126
SHA256: 4023C2F4F679AEF5A96FA4CFF457DD6047A90A3B929C260887046C4BE9E484B3

PID: 1672
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCA8.tmp.dmp
Type: binary
MD5: A66994AB7CD8083F56DBE4A19327D342
SHA256: AE5F786CACB0C82C0A7B69F4EA8F6EA88EFBAE2F944EFABA5BC3A9EFF4EAF6A8

PID: 1672
Process: WerFault.exe
Filename: C:\Windows\appcompat\Programs\Amcache.hve
Type: binary
MD5: 989F377E275D3BC3CD2ED76819340250
SHA256: 310171B8406318F47375DEB4353F18199355FDB6FB73CD7762E676828F56DE9E

PID: 5216
Process: Game.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsdBF7A.tmp
Type: binary
MD5: 68732F6ECE4C595B61FD36A2D5FA5832
SHA256: E6911EBB2953A4AF9D92F83CCF93602C9141E3519E747331914209128834055A

PID: 1276
Process: Game_patch-run.exe
Filename: C:\Users\admin\AppData\Local\Features\jwisytlbuwpxuehrnkmaywehstrjx\pdf_handler.js
Type: html
MD5: 3329ECE3E004B69AF96162B4B63C1A7A
SHA256: 2E85B440D1DC0BD144FD117AA1254955298281460D4478E3DC08BF6DAC7B8719

PID: 1276
Process: Game_patch-run.exe
Filename: C:\Users\admin\AppData\Local\Temp\temp_cleanup.ico
Type: text
MD5: A4386A90376247F19B00282494448B16
SHA256: B691CA54AF799145B0C854201FCE21BDC1C950A1C0BE4361404D4CC0409A6F3A

PID: 1672
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDD2.tmp.WERInternalMetadata.xml
Type: binary
MD5: 7C013058EBC11271AD0B94ECE3DFFFDB
SHA256: F35AAAF606647B235BF2C5E69A54FEA536D6891BF2BE75C06F410E28D4B9D962
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
62
TCP/UDP connections
177
DNS requests
246
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7804
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7804
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7920
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d
unknown
whitelisted
7920
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d
unknown
whitelisted
7920
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d
unknown
whitelisted
7920
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
20.7.2.167:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6544
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5352
msedge.exe
188.114.96.3:443
getadblocktag.com
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 172.217.16.206
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
client.wns.windows.com
  • 20.7.2.167
  • 172.172.255.216
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.76
  • 20.190.160.130
  • 20.190.160.128
  • 20.190.160.66
  • 40.126.32.133
  • 40.126.32.68
  • 20.190.160.17
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
getadblocktag.com
  • 188.114.96.3
  • 188.114.97.3
unknown
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

No threats detected
No debug info