File name:

BClickerDownloader-v16.exe

Full analysis: https://app.any.run/tasks/6e93929c-9f77-4b09-a793-9a649865e7b4
Verdict: Malicious activity
Analysis date: April 29, 2025, 09:13:38
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
golang
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 15 sections
MD5:

45498584F4EE39C214B7836871726197

SHA1:

4856DE05038019E7A153240094C0C0636ED70B04

SHA256:

652B30176E26149F136ABC39493E79557343FED3BBA35B87578D71D65723AC81

SSDEEP:

98304:grMetHr/N7QsDSgPtB7Qcs8M+rGZ63FS16g27x+c7JL4nxQu9HUIxJq6qrqNsAT1:stVD9ft36G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Gets path to any of the special folders (SCRIPT)

      • wscript.exe (PID: 7956)
      • wscript.exe (PID: 8000)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BClickerDownloader-v16.exe (PID: 7684)

    • The process executes VB scripts

      • BClickerDownloader-v16.exe (PID: 7684)

    • Adds/modifies Windows certificates

      • BClickerDownloader-v16.exe (PID: 7684)

    • There is functionality for taking screenshot (YARA)

      • BClickerDownloader-v16.exe (PID: 7684)
      • BuzkaaClicker.exe (PID: 8156)

    • Reads security settings of Internet Explorer

      • BuzkaaClicker.exe (PID: 8156)

  • INFO

    • Reads the computer name

      • BClickerDownloader-v16.exe (PID: 7684)
      • BuzkaaClicker.exe (PID: 8156)
      • identity_helper.exe (PID: 7984)

    • Checks supported languages

      • BClickerDownloader-v16.exe (PID: 7684)
      • BuzkaaClicker.exe (PID: 8156)
      • identity_helper.exe (PID: 7984)

    • Reads the machine GUID from the registry

      • BClickerDownloader-v16.exe (PID: 7684)
      • BuzkaaClicker.exe (PID: 8156)

    • Reads the software policy settings

      • BClickerDownloader-v16.exe (PID: 7684)
      • BuzkaaClicker.exe (PID: 8156)

    • Drops encrypted JS script (Microsoft Script Encoder)

      • BClickerDownloader-v16.exe (PID: 7684)

    • Create files in a temporary directory

      • BClickerDownloader-v16.exe (PID: 7684)

    • Application based on Golang

      • BClickerDownloader-v16.exe (PID: 7684)

    • Detects GO elliptic curve encryption (YARA)

      • BClickerDownloader-v16.exe (PID: 7684)

    • Manual execution by a user

      • BuzkaaClicker.exe (PID: 8156)

    • Disables trace logs

      • BuzkaaClicker.exe (PID: 8156)

    • Checks proxy server information

      • BuzkaaClicker.exe (PID: 8156)

    • Application launched itself

      • msedge.exe (PID: 7692)
      • msedge.exe (PID: 4200)

    • Reads Environment values

      • identity_helper.exe (PID: 7984)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.3)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 0000:00:00 00:00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 3
CodeSize: 3704832
InitializedDataSize: 247808
UninitializedDataSize: -
EntryPoint: 0x52260
OSVersion: 6.1
ImageVersion: 1
SubsystemVersion: 6.1
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
167
Monitored processes
43
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start bclickerdownloader-v16.exe svchost.exe wscript.exe no specs wscript.exe no specs buzkaaclicker.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3728 --field-trial-handle=2012,i,1666031339346690043,2902389177309326774,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
516"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5472 --field-trial-handle=2364,i,6289422644994019389,9436074109614797595,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
672"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4948 --field-trial-handle=2364,i,6289422644994019389,9436074109614797595,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
720"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5772 --field-trial-handle=2012,i,1666031339346690043,2902389177309326774,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1228"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2004 --field-trial-handle=2012,i,1666031339346690043,2902389177309326774,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1272"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4376 --field-trial-handle=2364,i,6289422644994019389,9436074109614797595,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1512"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4984 --field-trial-handle=2364,i,6289422644994019389,9436074109614797595,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2092"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3728 --field-trial-handle=2012,i,1666031339346690043,2902389177309326774,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2244"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2892 --field-trial-handle=2364,i,6289422644994019389,9436074109614797595,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
12 361
Read events
12 311
Write events
44
Delete events
6

Modification events

(PID) Process:(7684) BClickerDownloader-v16.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Operation:writeName:Blob
Value:
5C000000010000000400000080010000140000000100000014000000804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C62000000010000002000000071CCA5391F9E794B04802530B363E121DA8A3043BB26662FEA4DCA7FC951A4BD19000000010000001000000086665B2DECDDA69376F98E02CD5FA29A0300000001000000140000002A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB0F0000000100000030000000DF03EE17776FAE07203AE956F6094206455C833A06297419E38793A34C4E010E8E0DD06107E0CD574F970FB35FB7C04E09000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B060105050703080B0000000100000018000000470054005300200052006F006F00740020005200340000001D00000001000000100000006D81CF5A57E7A81939F2FA048E7CB95020000000010000000E0200003082020A30820191A00302010202106E47A9C88B94B6E8BB3B2AD8A2B2C199300A06082A8648CE3D0403033047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205234301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F742052343076301006072A8648CE3D020106052B8104002203620004F37473A7688B60AE43B835C581307B4B499DFBC161CEE6DE46BD6BD5611835AE40DD73F78991305AEB3CEE857CA240763BA9C6B847D82AE792916A73E9B172399F299FA298D35F5E5886650FA1846506D1DC8BC9C773C88C6A2FE5C4ABD11D8AA3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C300A06082A8648CE3D040303036700306402306A50527408C470DC9E507421E88D7A21C34F966E15D12235612DFA0837EE196DADDBB2CC7D0734F560192CB534D96F2002300371B1BAA3600B86ED9A086A95689FE2B3E193647C5E93A6DF792D8D85E394CF235D71CCF2B04DD6FE99C894A975A2E3
(PID) Process:(7684) BClickerDownloader-v16.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation:delete valueName:2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Value:
(PID) Process:(7684) BClickerDownloader-v16.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Operation:delete keyName:(default)
Value:
(PID) Process:(7684) BClickerDownloader-v16.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Operation:writeName:Blob
Value:
0400000001000000100000005DB66AC46017246A1A99A84BEE5EB426140000000100000014000000804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C62000000010000002000000071CCA5391F9E794B04802530B363E121DA8A3043BB26662FEA4DCA7FC951A4BD19000000010000001000000086665B2DECDDA69376F98E02CD5FA29A0300000001000000140000002A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB0F0000000100000030000000DF03EE17776FAE07203AE956F6094206455C833A06297419E38793A34C4E010E8E0DD06107E0CD574F970FB35FB7C04E09000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B060105050703080B0000000100000018000000470054005300200052006F006F00740020005200340000001D00000001000000100000006D81CF5A57E7A81939F2FA048E7CB95020000000010000000E0200003082020A30820191A00302010202106E47A9C88B94B6E8BB3B2AD8A2B2C199300A06082A8648CE3D0403033047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205234301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F742052343076301006072A8648CE3D020106052B8104002203620004F37473A7688B60AE43B835C581307B4B499DFBC161CEE6DE46BD6BD5611835AE40DD73F78991305AEB3CEE857CA240763BA9C6B847D82AE792916A73E9B172399F299FA298D35F5E5886650FA1846506D1DC8BC9C773C88C6A2FE5C4ABD11D8AA3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C300A06082A8648CE3D040303036700306402306A50527408C470DC9E507421E88D7A21C34F966E15D12235612DFA0837EE196DADDBB2CC7D0734F560192CB534D96F2002300371B1BAA3600B86ED9A086A95689FE2B3E193647C5E93A6DF792D8D85E394CF235D71CCF2B04DD6FE99C894A975A2E3
(PID) Process:(8156) BuzkaaClicker.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BuzkaaClicker_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(8156) BuzkaaClicker.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BuzkaaClicker_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(8156) BuzkaaClicker.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BuzkaaClicker_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(8156) BuzkaaClicker.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BuzkaaClicker_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(8156) BuzkaaClicker.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BuzkaaClicker_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(8156) BuzkaaClicker.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BuzkaaClicker_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
Executable files
14
Suspicious files
250
Text files
53
Unknown types
0

Dropped files

PID
Process
Filename
Type
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF113a08.TMP
MD5:
SHA256:
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG.oldtext
MD5:798EBA8558D3655BC5D2B61984B3BF12
SHA256:04EB76D36567C4FD801C5583AA34A18A081D9030BAE3034D8F81D419A797221D
7684BClickerDownloader-v16.exeC:\BuzkaaClicker\BuzkaaClicker.exeexecutable
MD5:E75CC194D0FA05153558A32CE48B0FDD
SHA256:668B879354EB7CE2665A1B248C1ED4F8398718EBE832B9D8F9CEA9D623AC9019
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF113a08.TMP
MD5:
SHA256:
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF113a08.TMP
MD5:
SHA256:
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF113a18.TMP
MD5:
SHA256:
4200msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
50
DNS requests
56
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.36:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4980
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4980
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.216.77.36:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.66:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
7684
BClickerDownloader-v16.exe
172.67.188.78:443
apiv2.makin.cc
CLOUDFLARENET
US
suspicious
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7684
BClickerDownloader-v16.exe
104.21.32.243:443
apiv2.makin.cc
CLOUDFLARENET
suspicious

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.216.77.36
  • 23.216.77.20
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
google.com
  • 172.217.16.206
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.160.66
  • 20.190.160.20
  • 20.190.160.67
  • 20.190.160.17
  • 20.190.160.2
  • 20.190.160.5
  • 20.190.160.3
  • 20.190.160.14
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
apiv2.makin.cc
  • 172.67.188.78
  • 104.21.32.243
unknown
www.makin.cc
  • 104.21.32.243
  • 172.67.188.78
unknown
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
2196
svchost.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
BClickerDownloader-v16.exe