File name: 5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c

Full analysis: https://app.any.run/tasks/1bcdb7f1-8925-4230-a888-f9252e967dab
Verdict: Malicious activity
Threats:

RisePro, an information-stealing malware, targets a wide range of sensitive data, including credit cards, passwords, and cryptocurrency wallets. By compromising infected devices, RisePro can steal valuable information and potentially cause significant financial and personal losses for victims.

Analysis date: July 29, 2025, 08:48:16
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: risepro
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 89302F7D2A8F2170FA154D964F518FA7
SHA1: 846337A284070B54EC2D895DC4BF1A773F1A8EC0
SHA256: 5F76275CC7F8ED4C80ED17A063BC039BFB026B9ECAAB3BCD481803499E25338C
SSDEEP: 49152:m8cxiowmeYD/MrSLbUCsL4gdfxohHM6TsdsPyT+aH:m8cgowm1D/MrSLoCsL4qfxobTsdsP

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may have been affected by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • RISEPRO has been detected (YARA)

      • 5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe (PID: 6404)
  • SUSPICIOUS

    • There is functionality for taking screenshots (YARA)

      • 5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe (PID: 6404)
  • INFO

    • The sample was compiled with English language support

      • 5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe (PID: 6404)
    • Checks supported languages

      • 5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe (PID: 6404)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report

RisePro

Process (PID 6404): 5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe
C2 (1): 193.233.132.49:50500
Strings (495):
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:01 11:29:07+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.34
CodeSize: 1089024
InitializedDataSize: 224256
UninitializedDataSize: -
EntryPoint: 0xdc5cc
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 12.6.0.6783
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: HeidiSQL 12.6.0.6783 32 Bit
FileVersion: 12.6.0.6783
InternalName: heidisql.exe
LegalCopyright: Ansgar Becker, see gpl.txt
OriginalFileName: heidisql.exe
ProductName: HeidiSQL
ProductVersion: 0.0.0.0
No data.
screenshot
All screenshots are available in the full report
Total processes: 136
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start #RISEPRO 5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe no specs slui.exe no specs

Process information

PID: 4320
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6404
CMD: "C:\Users\admin\AppData\Local\Temp\5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe"
Path: C:\Users\admin\AppData\Local\Temp\5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: HeidiSQL 12.6.0.6783 32 Bit
Version: 12.6.0.6783
Modules
Images
c:\users\admin\appdata\local\temp\5f76275cc7f8ed4c80ed17a063bc039bfb026b9ecaab3bcd481803499e25338c.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 242
Read events: 242
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 20
DNS requests: 14
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5724
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1808
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1808
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6388
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5724
svchost.exe
20.190.160.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5724
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1268
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
23.216.77.42:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.78
whitelisted
login.live.com
  • 20.190.160.130
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.136
  • 20.190.160.17
  • 20.190.160.131
  • 20.190.160.22
  • 20.190.160.64
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.6
  • 23.216.77.25
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
self.events.data.microsoft.com
  • 20.42.65.89
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

PID
Process
Class
Message
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info