File name: 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader

Full analysis: https://app.any.run/tasks/3adfba51-5c69-4937-867c-c5e0a812dc78
Verdict: Malicious activity
Analysis date: June 25, 2025, 16:45:00
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: A8AD0D5FEF091E10BA215E99E69EAA7A
SHA1: 450DE39689DF381CAE738AC1336C35E38C1218D3
SHA256: 6E1D259B8E6FAEE2B4BA279A0B5A2BCE74D32108CA75D38147B0C079DB2622AF
SSDEEP: 12288:randlRrADiU4WoXDcccfYpsTj2i/MApVEwcBc8lLVYjBEMDCb/oZWC:r31KFSTjH/MkCjLVYjBEMDCcR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Changes the title of the Internet Explorer window
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Executable content was dropped or overwritten
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Changes the Home page of Internet Explorer
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Creates a software uninstall entry
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Reads security settings of Internet Explorer
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Reads the date of Windows installation
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • There is functionality for taking screenshots (YARA)
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Hides command output
      • cmd.exe (PID: 7504)
    • Starts CMD.EXE for command execution
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Runs PING.EXE to delay simulation
      • cmd.exe (PID: 7504)
  • INFO
    • Checks supported languages
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
      • identity_helper.exe (PID: 4920)
    • The sample was compiled with English language support
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Creates files or folders in the user directory
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Reads the computer name
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
      • identity_helper.exe (PID: 4920)
    • Reads the machine GUID from the registry
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Process checks computer location settings
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
    • Application launched itself
      • msedge.exe (PID: 1332)
      • msedge.exe (PID: 3396)
    • Reads Environment values
      • identity_helper.exe (PID: 4920)
    • Checks proxy server information
      • 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (PID: 3100)
      • slui.exe (PID: 8068)
    • Reads the software policy settings
      • slui.exe (PID: 8068)
No Malware configuration.

TRiD (file type identification, match confidence in %)

.exe | Win64 Executable (generic) | 76.4%
.exe | Win32 Executable (generic) | 12.4%
.exe | Generic Win/DOS Executable | 5.5%
.exe | DOS Executable Generic | 5.5%

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:11:22 08:45:43+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.11
CodeSize: 262144
InitializedDataSize: 866816
UninitializedDataSize: -
EntryPoint: 0x2068c
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 4.2.0.8
ProductVersionNumber: 4.2.0.8
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Cloud Installer
FileDescription: IESettings
FileVersion: 4, 2, 0, 8
InternalName: IESettings
LegalCopyright: Copyright (C) 2017 Cloud Installer
OriginalFileName: IESettings
ProductName: IESettings
ProductVersion: 4, 2, 0, 8
Total processes: 169
Monitored processes: 31
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Process nodes in the order shown by the graph ("no specs" is the report's label for a node without indicators):
start → 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe
→ iexplore.exe (no specs)
→ msedge.exe ×11 (nine no specs, two with indicators)
→ identity_helper.exe ×2 (no specs)
→ msedge.exe (no specs)
→ cmd.exe (no specs) → conhost.exe (no specs) → ping.exe (no specs)
→ msedge.exe ×3 (no specs)
→ slui.exe
→ msedge.exe ×8 (no specs)
(31 monitored processes in total.)

Process information

PID: 1232
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5236,i,13874101219806782391,11882697906216271896,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll

PID: 1332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=8 -- "about:blank"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll

PID: 1984
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5952,i,13874101219806782391,11882697906216271896,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: PWA Identity Proxy Host | Exit code: 3221226029 | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe, c:\windows\system32\ntdll.dll

PID: 2076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4316,i,13874101219806782391,11882697906216271896,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll

PID: 2180
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3092,i,13874101219806782391,11882697906216271896,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll

PID: 2228
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5580,i,13874101219806782391,11882697906216271896,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll

PID: 3100
CMD: "C:\Users\admin\Desktop\2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe"
Path: C:\Users\admin\Desktop\2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe
Parent process: explorer.exe
User: admin | Company: Cloud Installer | Integrity Level: MEDIUM | Description: IESettings | Exit code: 0 | Version: 4, 2, 0, 8
Modules (images): c:\users\admin\desktop\2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\user32.dll

PID: 3196
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2500,i,13874101219806782391,11882697906216271896,262144 --variations-seed-version --mojo-platform-channel-handle=2496 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll

PID: 3396
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=8 --edge-skip-compat-layer-relaunch -- about:blank
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Edge | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll

PID: 4080
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2124,i,13874101219806782391,11882697906216271896,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Edge | Version: 133.0.3065.92
Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
Total events: 10 865
Read events: 10 795
Write events: 66
Delete events: 4

Modification events

All registry writes below were made by PID 3100, 2025-06-25_a8ad0d5fef091e10ba215e99e69eaa7a_amadey_black-basta_elex_luca-stealer_remcos_smoke-loader.exe (operation: write in every case).

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7E5D52A-3F1A-4CA4-ACE3-AD5E8487FA9E}
Name: DisplayName
Value: Search

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7E5D52A-3F1A-4CA4-ACE3-AD5E8487FA9E}
Name: URL
Value: http://search.hmyquickconverter.com/s?source=s-googlepartners-bb8&uid=41d35894-59e6-48f3-80fa-5b33a9eaef40&uc=20180202&ap=appfocus1&i_id=converter__1.30&query={searchTerms}

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7E5D52A-3F1A-4CA4-ACE3-AD5E8487FA9E}
Name: SuggestionsURL
Value: https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
Name: DefaultScope
Value: {D7E5D52A-3F1A-4CA4-ACE3-AD5E8487FA9E}

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Name: Start Page
Value: http://search.hmyquickconverter.com/?source=s-googlepartners-bb8&uid=41d35894-59e6-48f3-80fa-5b33a9eaef40&uc=20180202&ap=appfocus1&i_id=converter__1.30

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ContinuousBrowsing
Name: Enabled
Value: 0

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing
Name: NewTabPageShow
Value: 1

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Name: DisplayName
Value: My Quick Converter

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Name: DisplayVersion
Value: 4.2.0.8

Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Name: Publisher
Value: Cloud Installer
Executable files: 1
Suspicious files: 73
Text files: 47
Unknown types: 27

Dropped files

All files listed here were written by PID 3396, msedge.exe (no type, MD5 or SHA256 is given for them in this excerpt):

  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF176b7b.TMP
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF176b9b.TMP
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF176b6c.TMP
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF176baa.TMP
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF176bba.TMP
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF176bba.TMP
HTTP(S) requests: 74
TCP/UDP connections: 81
DNS requests: 53
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6672 | RUXIMICS.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6672 | RUXIMICS.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=51&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0 | unknown | binary | 1.47 Kb | whitelisted
- | - | POST | 200 | 40.126.31.128:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
- | - | GET | 200 | 104.126.37.169:443 | https://copilot.microsoft.com/c/api/user/eligibility | unknown | binary | 25 b | whitelisted
- | - | GET | 200 | 150.171.27.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 715 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6672 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 2.16.168.114:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
5944 | MoUsoCoreWorker.exe | 2.16.168.114:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
6672 | RUXIMICS.exe | 2.16.168.114:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
1268 | svchost.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
5944 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted

DNS requests

Domain | IP(s) | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 40.127.240.158, 51.124.78.146 | whitelisted
google.com | 142.250.186.46 | whitelisted
search.hmyquickconverter.com | 3.215.244.169, 3.90.131.4 | whitelisted
crl.microsoft.com | 2.16.168.114, 2.16.168.124, 2.16.241.12, 2.16.241.19 | whitelisted
www.microsoft.com | 2.23.246.101, 95.101.149.131 | whitelisted
login.live.com | 20.190.159.4, 40.126.31.0, 20.190.159.23, 40.126.31.3, 20.190.159.71, 20.190.159.64, 20.190.159.68, 40.126.31.128 | whitelisted
edge.microsoft.com | 150.171.28.11, 150.171.27.11 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
copilot.microsoft.com | 2.23.227.199, 2.23.227.211 | whitelisted
www.bing.com | 2.16.241.218, 2.16.241.205, 2.16.241.201, 2.23.227.208, 2.23.227.215 | whitelisted

Threats

No threats detected
No debug info