File name: Game.exe
Full analysis: https://app.any.run/tasks/6ed9906b-aa26-4a78-93dd-1152f6cd80c2
Verdict: Malicious activity
Analysis date: April 01, 2025, 02:08:46
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 565674B212542B0BC4168234A00B4126
SHA1: 6246930050CFF1BFABFD5F2C50120E25FB2212A4
SHA256: 4023C2F4F679AEF5A96FA4CFF457DD6047A90A3B929C260887046C4BE9E484B3
SSDEEP: 3072:2IYpGMuqWDzyUExux6pWzIhocSzGXiYd6EhBvdYVd8S:2/pzWDzYxuxYFacnXiYd6+BvKVd8S

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 6252)
    • Run PowerShell with an invisible window

      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 6252)
      • powershell.exe (PID: 4488)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Starts itself from another location

      • Game.exe (PID: 5216)
    • Reads security settings of Internet Explorer

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Executes application which crashes

      • Game.exe (PID: 4228)
    • There is functionality for taking screenshot (YARA)

      • Game_patch-run.exe (PID: 1276)
    • The process creates files with name similar to system file names

      • Game_patch-run.exe (PID: 1276)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Game_patch-run.exe (PID: 1276)
    • Starts CMD.EXE for commands execution

      • Game_patch-run.exe (PID: 1276)
      • cmd.exe (PID: 4696)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 4696)
      • cmd.exe (PID: 8116)
    • Executing commands from a ".bat" file

      • Game_patch-run.exe (PID: 1276)
    • Probably obfuscated PowerShell command line is found

      • cmd.exe (PID: 4696)
    • Application launched itself

      • cmd.exe (PID: 4696)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 4696)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 4696)
    • Hides errors and continues executing the command without stopping

      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 6252)
    • Manipulates environment variables

      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 6252)
    • The process executes Powershell scripts

      • cmd.exe (PID: 4696)
  • INFO

    • Reads the computer name

      • Game.exe (PID: 4228)
      • Game_patch-run.exe (PID: 1276)
      • Game.exe (PID: 5216)
      • identity_helper.exe (PID: 7184)
      • identity_helper.exe (PID: 6892)
    • Checks supported languages

      • Game.exe (PID: 5216)
      • Game.exe (PID: 4228)
      • Game_patch-run.exe (PID: 1276)
      • identity_helper.exe (PID: 7184)
      • identity_helper.exe (PID: 6892)
    • Process checks computer location settings

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Reads the machine GUID from the registry

      • Game.exe (PID: 4228)
    • Create files in a temporary directory

      • Game.exe (PID: 5216)
      • Game_patch-run.exe (PID: 1276)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 1672)
      • Game_patch-run.exe (PID: 1276)
    • Manual execution by a user

      • msedge.exe (PID: 1568)
      • firefox.exe (PID: 8088)
    • Application launched itself

      • msedge.exe (PID: 6040)
      • msedge.exe (PID: 1568)
      • firefox.exe (PID: 8088)
      • firefox.exe (PID: 2616)
    • Uses string replace method (POWERSHELL)

      • powershell.exe (PID: 4980)
      • powershell.exe (PID: 7916)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 8132)
    • Reads Environment values

      • identity_helper.exe (PID: 7184)
      • identity_helper.exe (PID: 6892)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 8088)
      • powershell.exe (PID: 1812)
      • powershell.exe (PID: 4488)
      • powershell.exe (PID: 6252)
    • Checks proxy server information

      • slui.exe (PID: 8088)
    • Reads the software policy settings

      • slui.exe (PID: 8088)
      • slui.exe (PID: 1324)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 8108)
    • The sample compiled with english language support

      • msedge.exe (PID: 8108)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
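The MALICIOUS and SUSPICIOUS signatures above are command-line and parent/child checks. As an added example (not ANY.RUN's detection code), the Python below implements the four PowerShell-related ones over process-creation records. The report never prints the PowerShell command lines (the behavior graph marks them "no specs"), so every command line in SAMPLE_EVENTS is constructed to exercise a rule, the batch file name is invented, and the PIDs reuse the report's numbers only for readability. The rules rely on the fact that powershell.exe accepts any unambiguous prefix of a switch, so "-ep bypass" and "-w hidden" have to be caught alongside the spelled-out forms.

```python
"""Signature checks for the PowerShell findings listed above.

Added example; not ANY.RUN's detection code. The report never prints the
PowerShell command lines (the graph marks them "no specs"), so every command
line in SAMPLE_EVENTS is constructed to exercise a rule, and the PIDs reuse
the report's numbers only for readability. Field names follow Sysmon Event ID 1.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str          # executable basename, e.g. "powershell.exe"
    cmdline: str
    parent_pid: int
    parent_image: str


# powershell.exe accepts any unambiguous prefix of a switch, so "-ep", "-exec"
# and "-ExecutionPolicy" are equivalent, as are "-w", "-win" and "-WindowStyle".
# "-e" on its own is -EncodedCommand, which is why a second letter is required.
RULES = {
    "Bypass execution policy to execute commands": (
        "MALICIOUS",
        re.compile(r"(?i)(?:^|\s)[-/]e[xp]\w*\s+(?:bypass|unrestricted)\b"),
    ),
    "Run PowerShell with an invisible window": (
        "MALICIOUS",
        re.compile(r"(?i)(?:^|\s)[-/]w(?:in\w*)?\s+hidden\b"),
    ),
    "Hides errors and continues executing the command without stopping": (
        "SUSPICIOUS",
        re.compile(r"""(?i)-ErrorAction\s+SilentlyContinue|\$ErrorActionPreference\s*=\s*['"]SilentlyContinue"""),
    ),
}
LAUNCH_FROM_CMD = ("SUSPICIOUS", "Starts POWERSHELL.EXE for commands execution")
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def match_event(ev: ProcEvent) -> list[tuple[str, str]]:
    """(severity, signature) pairs that fire on one PowerShell process."""
    if ev.image.lower() not in POWERSHELL_IMAGES:
        return []
    return [(sev, name) for name, (sev, rx) in RULES.items() if rx.search(ev.cmdline)]


def evaluate(events: list[ProcEvent]) -> dict[int, list[tuple[str, str]]]:
    """PID -> fired signatures. Launch signatures are charged to the parent,
    as the report does ("Starts POWERSHELL.EXE ..." is listed under cmd.exe)."""
    hits: dict[int, list[tuple[str, str]]] = {}
    for ev in events:
        for hit in match_event(ev):
            hits.setdefault(ev.pid, []).append(hit)
        if ev.image.lower() in POWERSHELL_IMAGES and ev.parent_image.lower() == "cmd.exe":
            parent_hits = hits.setdefault(ev.parent_pid, [])
            if LAUNCH_FROM_CMD not in parent_hits:
                parent_hits.append(LAUNCH_FROM_CMD)
    return hits


def verdict(hits: dict[int, list[tuple[str, str]]]) -> str:
    severities = {sev for pairs in hits.values() for sev, _ in pairs}
    if "MALICIOUS" in severities:
        return "Malicious activity"
    return "Suspicious activity" if "SUSPICIOUS" in severities else "No threats detected"


# Constructed events following the report's chain
# Game.exe (5216) -> Game_patch-run.exe (1276) -> cmd.exe (4696) -> powershell.exe.
# "run.bat" is an invented name; the report only says a .bat file was executed.
SAMPLE_EVENTS = [
    ProcEvent(1276, "Game_patch-run.exe",
              r'"C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe" C:\Users\admin\AppData\Local\Temp',
              5216, "Game.exe"),
    ProcEvent(4696, "cmd.exe", r'cmd.exe /c "C:\Users\admin\AppData\Local\Temp\run.bat"', 1276, "Game_patch-run.exe"),
    ProcEvent(4488, "powershell.exe",
              'powershell.exe -ep bypass -w hidden -c "Get-Item $env:TEMP\\x -ErrorAction SilentlyContinue"',
              4696, "cmd.exe"),
    ProcEvent(1812, "powershell.exe",
              "powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File patch.ps1",
              4696, "cmd.exe"),
    # Launches that must not trip the MALICIOUS rules.
    ProcEvent(9001, "powershell.exe", "powershell.exe -ExecutionPolicy RemoteSigned -File backup.ps1", 7000, "explorer.exe"),
    ProcEvent(9002, "powershell.exe", "powershell.exe -EncodedCommand ZQBjAGgAbwA=", 7000, "explorer.exe"),
]

if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for pid, pairs in sorted(found.items()):
        for sev, name in pairs:
            print(f"{sev:10} {name} (PID: {pid})")
    print("Verdict:", verdict(found))
```

Feed real Sysmon or 4688 events into ProcEvent and the same evaluate() call yields the per-PID attribution the report shows; the RemoteSigned and -EncodedCommand launches are there to confirm the bypass rule does not fire on an ordinary policy value or on the single-letter -e switch.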

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3645
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
239
Monitored processes
99
Malicious processes
4
Suspicious processes
3

Behavior graph

(Interactive process graph; only the process names survive extraction. Processes shown, in order of first appearance: game.exe, game_patch-run.exe, werfault.exe, sppextcomobj.exe, slui.exe, cmd.exe, conhost.exe, msedge.exe, powershell.exe, reg.exe, identity_helper.exe, findstr.exe, firefox.exe. Entries marked "no specs" in the original have no detail record in this excerpt.)

Process information

(Columns: PID, CMD, Path, Indicators, Parent process)

PID: 444
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6412 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 632
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2812 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 780
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 928
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240213221259 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a2d5fc3-a295-47a1-8d06-379804a76451} 2616 "\\.\pipe\gecko-crash-server-pipe.2616" 254a4befd10 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
PID: 1096
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6592 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1196
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1556 --field-trial-handle=2440,i,2926048433527345791,11749189215726391811,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1276
CMD: "C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe" C:\Users\admin\AppData\Local\Temp
Path: C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe
Parent process: Game.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\game_patch-run.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1324
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2212 --field-trial-handle=2328,i,11782486653948857877,11933118814671008274,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1568
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://getadblocktag.com/v1/s/t/info?a=ins&sub=ADHWWZX&n=Game&bucket=S13SPB2Z_2025-04X&u=815489132576157971574863482183
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
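The only process in this excerpt that names the non-whitelisted domain is PID 1568: an msedge.exe started by explorer.exe with --single-argument and a getadblocktag.com URL whose query string carries campaign-style parameters (sub, n, bucket, u). The report tags that launch "Manual execution by a user", so it may reflect analyst interaction in the interactive session rather than something the sample did; the example only extracts and ranks, it does not decide. The Python below is an added example, not ANY.RUN code: it pulls URLs out of command lines and joins them against the reputation values from the "DNS requests" section. The PID 1568 command line and the reputation table are copied from this report; the other two RECORDS entries are constructed, and any host missing from the table is treated as unknown rather than safe.

```python
"""Extract URLs from process command lines and rank them by DNS reputation.

Added example, not ANY.RUN code. The PID 1568 command line and the reputation
values are copied from this report; the other two RECORDS entries are
constructed, and hosts absent from DNS_REPUTATION are assumed unknown.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qsl, urlsplit

URL_RX = re.compile(r"""https?://[^\s"'<>]+""")

# Domain -> reputation, from the "DNS requests" section of the report.
DNS_REPUTATION = {
    "settings-win.data.microsoft.com": "whitelisted",
    "google.com": "whitelisted",
    "crl.microsoft.com": "whitelisted",
    "client.wns.windows.com": "whitelisted",
    "login.live.com": "whitelisted",
    "ocsp.digicert.com": "whitelisted",
    "config.edge.skype.com": "whitelisted",
    "getadblocktag.com": "unknown",
    "edge.microsoft.com": "whitelisted",
    "edge-mobile-static.azureedge.net": "whitelisted",
}


def extract_urls(cmdline: str) -> list[str]:
    """All http(s) URLs in a command line, in order of appearance."""
    return URL_RX.findall(cmdline)


def describe_url(url: str) -> dict:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return {
        "url": url,
        "host": host,
        "path": parts.path,
        # keep_blank_values so a tracking key with an empty value still shows up
        "params": dict(parse_qsl(parts.query, keep_blank_values=True)),
        # a host absent from the report's DNS table is treated as unknown, not safe
        "reputation": DNS_REPUTATION.get(host, "unknown"),
    }


def triage(records: list[tuple[int, str, str]]) -> list[dict]:
    """records are (pid, image, cmdline). One dict per URL found, unknown
    reputation first so the analyst reads the interesting rows at the top."""
    found = []
    for pid, image, cmdline in records:
        for url in extract_urls(cmdline):
            found.append({"pid": pid, "image": image, **describe_url(url)})
    found.sort(key=lambda d: (d["reputation"] != "unknown", d["host"]))
    return found


RECORDS = [
    # From the report (PID 1568, parent explorer.exe).
    (1568, "msedge.exe",
     '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --flag-switches-begin '
     '--flag-switches-end --do-not-de-elevate --single-argument '
     'https://getadblocktag.com/v1/s/t/info?a=ins&sub=ADHWWZX&n=Game&bucket=S13SPB2Z_2025-04X&u=815489132576157971574863482183'),
    # Constructed: a utility child process with no URL at all.
    (444, "msedge.exe",
     '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper'),
    # Constructed: a launch of a whitelisted Microsoft host, to show the ordering.
    (9100, "msedge.exe",
     '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --single-argument https://edge.microsoft.com/'),
]

if __name__ == "__main__":
    for row in triage(RECORDS):
        print(f'PID {row["pid"]} {row["image"]}: {row["host"]} [{row["reputation"]}] {row["params"]}')
```

The parsed query parameters are what you would carry into a hunt (the sub and bucket values identify a campaign slot, u looks like a per-install identifier); the domain itself is the network IOC, and it is the only one in this report that is not whitelisted.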
Total events
63 799
Read events
63 709
Write events
87
Delete events
3

Modification events

(PID) Process: (1672) WerFault.exe
Key: \REGISTRY\A\{f91dcdb3-0bd4-9072-db9f-f1df49939d44}\Root\InventoryApplicationFile
Operation: write    Name: WritePermissionsCheck    Value: 1

(PID) Process: (1672) WerFault.exe
Key: \REGISTRY\A\{f91dcdb3-0bd4-9072-db9f-f1df49939d44}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation: delete key    Name: (default)    Value: (none)

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write    Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write    Name: CachePrefix    Value: (empty)

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write    Name: CachePrefix    Value: Cookie:

(PID) Process: (4696) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write    Name: CachePrefix    Value: Visited:

(PID) Process: (6040) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write    Name: user_experience_metrics.stability.exited_cleanly    Value: 0

(PID) Process: (6040) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write    Name: S-1-5-21-1693682860-607145093-2874071422-1001    Value: 24D7234E44902F00

(PID) Process: (1568) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write    Name: failed_count    Value: 0

(PID) Process: (1568) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write    Name: state    Value: 2
Executable files
53
Suspicious files
1 196
Text files
241
Unknown types
1

Dropped files

(Columns: PID, Process, Filename, Type, MD5, SHA256. Fields the report leaves empty are marked "(not listed)".)

1672  WerFault.exe
  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Game.exe_e6159ebf926c70ee51b3becda91393bfb8c3a_ec47739b_5ed3e17d-00b0-4122-be1a-7284d46a1288\Report.wer
  Type: (not listed)  MD5: (not listed)  SHA256: (not listed)

1672  WerFault.exe
  C:\Users\admin\AppData\Local\CrashDumps\Game.exe.4228.dmp
  Type: (not listed)  MD5: (not listed)  SHA256: (not listed)

1276  Game_patch-run.exe
  C:\Users\admin\AppData\Local\Temp\Game.exe
  Type: executable  MD5: C2F26DCF03CE79D120884CB0EC4B8090  SHA256: 8A191BE25D13DDC8EDB54BA5FBD8D19B9F2CC6D7EE6471190C8E641C88189C2B

1276  Game_patch-run.exe
  C:\Users\admin\AppData\Local\Features\jwisytlbuwpxuehrnkmaywehstrjx\icon.png
  Type: image  MD5: 5F62E1708F9891439ED643945FD4752F  SHA256: 8629E952606B85E9A6CEE20A6A13D37DF44ACDEA6B8143B7CAB575B4086777B6

5216  Game.exe
  C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe
  Type: executable  MD5: 565674B212542B0BC4168234A00B4126  SHA256: 4023C2F4F679AEF5A96FA4CFF457DD6047A90A3B929C260887046C4BE9E484B3
  (same MD5 and SHA256 as the submitted Game.exe: a byte-for-byte copy of the sample under a new name, which is what the "Starts itself from another location" signature refers to)

1672  WerFault.exe
  C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDD2.tmp.WERInternalMetadata.xml
  Type: binary  MD5: 7C013058EBC11271AD0B94ECE3DFFFDB  SHA256: F35AAAF606647B235BF2C5E69A54FEA536D6891BF2BE75C06F410E28D4B9D962

5216  Game.exe
  C:\Users\admin\AppData\Local\Temp\nsdBF7A.tmp
  Type: binary  MD5: 68732F6ECE4C595B61FD36A2D5FA5832  SHA256: E6911EBB2953A4AF9D92F83CCF93602C9141E3519E747331914209128834055A

1672  WerFault.exe
  C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCA8.tmp.dmp
  Type: binary  MD5: A66994AB7CD8083F56DBE4A19327D342  SHA256: AE5F786CACB0C82C0A7B69F4EA8F6EA88EFBAE2F944EFABA5BC3A9EFF4EAF6A8

1672  WerFault.exe
  C:\Windows\appcompat\Programs\Amcache.hve
  Type: binary  MD5: 989F377E275D3BC3CD2ED76819340250  SHA256: 310171B8406318F47375DEB4353F18199355FDB6FB73CD7762E676828F56DE9E

1276  Game_patch-run.exe
  C:\Users\admin\AppData\Local\Features\jwisytlbuwpxuehrnkmaywehstrjx\style_01.css
  Type: text  MD5: 26FD90BC75E32CB3FE18F6E3552CD642  SHA256: EB044AE84BF7E97BF48A77C2D31BCD07858489D031A0B4244BE209394B516DD1
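Two rows in the dropped-files table carry most of the weight: Game.exe (PID 5216) writes Game_patch-run.exe to the user's Temp directory with exactly the sample's MD5 and SHA256, and Game_patch-run.exe (PID 1276) then writes a different Game.exe (SHA256 8A191BE2...) back into Temp, so there are two executable hashes to track, not one. As an added example that is not part of the report, the Python below loads a subset of those rows, separates the self-copy from genuinely new executables, lists what landed in a temp directory, collects the SHA256 values worth hunting for, and provides a chunked hasher so a local copy of the sample can be checked against the header hashes before any further work is done on it. The row data is copied from the table; the helper names and the grouping are this example's own.

```python
"""Triage helpers for the dropped-files table above.

Added example, not part of the ANY.RUN report. DROPS holds a subset of the
report's rows (PID, dropping process, path, type, MD5, SHA256); the two WER
rows have no hash in the report and are kept as None. file_digest() is for
checking a local copy of the sample against the hashes in the header.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

SAMPLE_SHA256 = "4023C2F4F679AEF5A96FA4CFF457DD6047A90A3B929C260887046C4BE9E484B3"


@dataclass(frozen=True)
class Drop:
    pid: int
    process: str
    path: str
    ftype: str          # "executable", "image", "binary", "text", or "" when the report lists none
    md5: str | None
    sha256: str | None


DROPS = [
    Drop(1672, "WerFault.exe", r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Game.exe_e6159ebf926c70ee51b3becda91393bfb8c3a_ec47739b_5ed3e17d-00b0-4122-be1a-7284d46a1288\Report.wer", "", None, None),
    Drop(1672, "WerFault.exe", r"C:\Users\admin\AppData\Local\CrashDumps\Game.exe.4228.dmp", "", None, None),
    Drop(1276, "Game_patch-run.exe", r"C:\Users\admin\AppData\Local\Temp\Game.exe", "executable",
         "C2F26DCF03CE79D120884CB0EC4B8090", "8A191BE25D13DDC8EDB54BA5FBD8D19B9F2CC6D7EE6471190C8E641C88189C2B"),
    Drop(1276, "Game_patch-run.exe", r"C:\Users\admin\AppData\Local\Features\jwisytlbuwpxuehrnkmaywehstrjx\icon.png", "image",
         "5F62E1708F9891439ED643945FD4752F", "8629E952606B85E9A6CEE20A6A13D37DF44ACDEA6B8143B7CAB575B4086777B6"),
    Drop(5216, "Game.exe", r"C:\Users\admin\AppData\Local\Temp\Game_patch-run.exe", "executable",
         "565674B212542B0BC4168234A00B4126", "4023C2F4F679AEF5A96FA4CFF457DD6047A90A3B929C260887046C4BE9E484B3"),
    Drop(5216, "Game.exe", r"C:\Users\admin\AppData\Local\Temp\nsdBF7A.tmp", "binary",
         "68732F6ECE4C595B61FD36A2D5FA5832", "E6911EBB2953A4AF9D92F83CCF93602C9141E3519E747331914209128834055A"),
]


def digest_bytes(data: bytes, algo: str = "sha256") -> str:
    """Upper-case hex digest, matching the report's hash formatting."""
    return hashlib.new(algo, data).hexdigest().upper()


def file_digest(path: str, algo: str = "sha256") -> str:
    """Same as digest_bytes but streamed, so a crash dump does not land in RAM at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def in_temp_dir(path: str) -> bool:
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p


def triage_drops(drops: list[Drop], sample_sha256: str) -> dict[str, list]:
    """Split the table into the facts a responder acts on."""
    sample = sample_sha256.upper()
    out: dict[str, list] = {"self_copies": [], "new_executables": [], "temp_executables": [], "unhashed": []}
    for d in drops:
        if d.sha256 is None:
            out["unhashed"].append(d.path)
            continue
        if d.sha256.upper() == sample:
            # Same bytes at a new path: the "Starts itself from another location" pattern.
            out["self_copies"].append(d.path)
        elif d.ftype == "executable":
            out["new_executables"].append((d.path, d.sha256.upper()))
        if d.ftype == "executable" and in_temp_dir(d.path):
            out["temp_executables"].append(d.path)
    return out


def hash_iocs(drops: list[Drop], sample_sha256: str) -> set[str]:
    """Every SHA256 worth hunting for: the sample plus each distinct dropped executable."""
    return {sample_sha256.upper()} | {d.sha256.upper() for d in drops if d.ftype == "executable" and d.sha256}


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage_drops(DROPS, SAMPLE_SHA256))
    print(sorted(hash_iocs(DROPS, SAMPLE_SHA256)))
```

Run file_digest() on your own copy of Game.exe and compare it with the SHA256 in the header before trusting the rest of the report; the unhashed WER artifacts are left in their own bucket because they are forensic output of the crash, not something the sample wrote.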
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
62
TCP/UDP connections
177
DNS requests
246
Threats
0

HTTP requests

(Columns: PID, Process, Method, HTTP Code, IP, URL, CN, Reputation. The Type and Size columns are empty for every row in this excerpt; rows with a blank PID/Process are left blank in the original layout.)

PID  | Process             | Method | Code | IP                 | URL | CN | Reputation
5496 | MoUsoCoreWorker.exe | GET  | 200 | 23.216.77.6:80     | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
2104 | svchost.exe         | GET  | 200 | 23.216.77.6:80     | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
     |                     | GET  | 200 | 23.216.77.6:80     | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 | svchost.exe         | GET  | 200 | 2.23.77.188:80     | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
7804 | SIHClient.exe       | GET  | 200 | 2.23.246.101:80    | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7804 | SIHClient.exe       | GET  | 200 | 2.23.246.101:80    | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
7920 | svchost.exe         | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d | unknown | whitelisted
7920 | svchost.exe         | GET  | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d | unknown | whitelisted
7920 | svchost.exe         | GET  | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d | unknown | whitelisted
7920 | svchost.exe         | GET  | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1744054982&P2=404&P3=2&P4=OsTC42Z9VKhOmoKmFDTDFebiEDwBixdD55wuoL3h6ML%2bZMYw69Ilm0CcNZl0HnwohFYg0cX1lNC3leNmbrOdBw%3d%3d | unknown | whitelisted

Connections

(Columns: PID, Process, IP, Domain, ASN, CN, Reputation. Cells left blank are blank in the original layout.)

PID  | Process             | IP                  | Domain                          | ASN                         | CN | Reputation
4    | System              | 192.168.100.255:138 |                                 |                             |    | whitelisted
     |                     | 20.73.194.208:443   | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 23.216.77.6:80      | crl.microsoft.com               | Akamai International B.V.   | DE | whitelisted
2104 | svchost.exe         | 23.216.77.6:80      | crl.microsoft.com               | Akamai International B.V.   | DE | whitelisted
     |                     | 23.216.77.6:80      | crl.microsoft.com               | Akamai International B.V.   | DE | whitelisted
3216 | svchost.exe         | 20.7.2.167:443      | client.wns.windows.com          | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6544 | svchost.exe         | 40.126.32.140:443   | login.live.com                  | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe         | 2.23.77.188:80      | ocsp.digicert.com               | AKAMAI-AS                   | DE | whitelisted
2104 | svchost.exe         | 4.231.128.59:443    | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5352 | msedge.exe          | 188.114.96.3:443    | getadblocktag.com               |                             |    | unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 172.217.16.206
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
client.wns.windows.com
  • 20.7.2.167
  • 172.172.255.216
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.76
  • 20.190.160.130
  • 20.190.160.128
  • 20.190.160.66
  • 40.126.32.133
  • 40.126.32.68
  • 20.190.160.17
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
getadblocktag.com
  • 188.114.96.3
  • 188.114.97.3
unknown
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

No threats detected
No debug info