URL:

https://dropmefiles.com/cNEyM

Full analysis: https://app.any.run/tasks/ba8dba58-38b7-40e9-b681-c51315fea507
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: March 24, 2025, 12:06:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
autorun-download
adware
loader
arch-scr
arch-doc
xor-url
generic
arch-html
stealer
Indicators:
MD5:

91CFCD551882D99A18E4F573E2AE372B

SHA1:

8766F2E2142FBE09C84604748CDABCCC59EEA939

SHA256:

8EF906114BD9F7BECF55D79EA80E679677A28946C88A4A7F348A01113BD75A7C

SSDEEP:

3:N8PKV9DNd0Z:2oDNd0Z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • JDownloaderSetup.exe (PID: 3956)

    • ADWARE has been detected (SURICATA)

      • JDownloaderSetup.exe (PID: 3956)

    • XORed URL has been found (YARA)

      • JDownloaderSetup.exe (PID: 3956)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 7712)
      • WinRAR.exe (PID: 5116)
      • JDownloaderSetup.exe (PID: 3956)
      • ShellExperienceHost.exe (PID: 872)

    • Application launched itself

      • WinRAR.exe (PID: 7712)

    • Executable content was dropped or overwritten

      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)

    • The process drops C-runtime libraries

      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)

    • The process creates files with name similar to system file names

      • JDownloaderSetup.exe (PID: 3956)

    • Access to an unwanted program domain was detected

      • JDownloaderSetup.exe (PID: 3956)

    • Process drops legitimate windows executable

      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)

    • There is functionality for taking screenshot (YARA)

      • JDownloaderSetup.exe (PID: 3956)

    • Adds/modifies Windows certificates

      • JDownloaderSetup.exe (PID: 3956)

    • Process requests binary or script from the Internet

      • Carrier.exe (PID: 2088)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 5072)

    • Reads the computer name

      • identity_helper.exe (PID: 7956)

    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 2040)
      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)

    • Reads Environment values

      • identity_helper.exe (PID: 7956)

    • Checks supported languages

      • identity_helper.exe (PID: 7956)
      • JDownloaderSetup.exe (PID: 3956)
      • unpack200.exe (PID: 4376)
      • unpack200.exe (PID: 6148)
      • unpack200.exe (PID: 7876)
      • unpack200.exe (PID: 6248)
      • unpack200.exe (PID: 3176)
      • unpack200.exe (PID: 7808)
      • unpack200.exe (PID: 2904)
      • unpack200.exe (PID: 6572)
      • unpack200.exe (PID: 2432)
      • unpack200.exe (PID: 8072)
      • unpack200.exe (PID: 8148)
      • unpack200.exe (PID: 7584)
      • unpack200.exe (PID: 6040)
      • java.exe (PID: 5044)
      • ShellExperienceHost.exe (PID: 872)
      • Carrier.exe (PID: 2088)

    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 2040)
      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 7692)
      • BackgroundTransferHost.exe (PID: 856)
      • BackgroundTransferHost.exe (PID: 2984)
      • BackgroundTransferHost.exe (PID: 2904)
      • BackgroundTransferHost.exe (PID: 2040)

    • Autorun file from Downloads

      • msedge.exe (PID: 5072)
      • msedge.exe (PID: 7588)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 5072)

    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 2040)
      • JDownloaderSetup.exe (PID: 3956)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5116)
      • msedge.exe (PID: 8300)

    • Create files in a temporary directory

      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)
      • unpack200.exe (PID: 6148)
      • unpack200.exe (PID: 924)
      • unpack200.exe (PID: 4376)
      • unpack200.exe (PID: 7876)
      • unpack200.exe (PID: 6248)
      • unpack200.exe (PID: 7300)
      • unpack200.exe (PID: 3176)
      • unpack200.exe (PID: 7808)
      • unpack200.exe (PID: 2904)
      • unpack200.exe (PID: 6572)
      • unpack200.exe (PID: 2432)
      • unpack200.exe (PID: 6040)
      • unpack200.exe (PID: 8072)
      • unpack200.exe (PID: 6724)
      • unpack200.exe (PID: 1088)
      • unpack200.exe (PID: 8084)
      • unpack200.exe (PID: 2288)
      • unpack200.exe (PID: 8148)
      • unpack200.exe (PID: 7584)
      • java.exe (PID: 5044)

    • The sample compiled with english language support

      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)
      • msedge.exe (PID: 8300)

    • Reads the machine GUID from the registry

      • JDownloaderSetup.exe (PID: 3956)
      • Carrier.exe (PID: 2088)

    • Disables trace logs

      • JDownloaderSetup.exe (PID: 3956)

    • Drops a (possible) Coronavirus decoy

      • Carrier.exe (PID: 2088)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

xor-url

(PID) Process(3956) JDownloaderSetup.exe
Decrypted-URLs (4)http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/mm/
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://www.w3.org/1999/02/22-rdf-syntax-ns#
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
258
Monitored processes
114
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs backgroundtransferhost.exe no specs msedge.exe no specs backgroundtransferhost.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs msedge.exe no specs winrar.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe jdownloadersetup.exe no specs #XOR-URL jdownloadersetup.exe carrier.exe msedge.exe no specs msedge.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs slui.exe unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs unpack200.exe no specs conhost.exe no specs java.exe no specs conhost.exe no specs shellexperiencehost.exe no specs reg.exe no specs conhost.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7412 --field-trial-handle=2504,i,6635921843396424230,13979702623805218606,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
856"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
872"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mcaC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Shell Experience Host
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wincorlib.dll
924-r "jre\lib\jce.jar.pack" "jre\lib\jce.jar"C:\Users\admin\AppData\Local\Temp\e4j9AB6.tmp_dir1742818079\jre\bin\unpack200.exeCarrier.exe
User:
admin
Company:
Temurin
Integrity Level:
HIGH
Description:
OpenJDK Platform binary
Exit code:
0
Version:
8.0.3220.6
Modules
Images
c:\users\admin\appdata\local\temp\e4j9ab6.tmp_dir1742818079\jre\bin\unpack200.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\users\admin\appdata\local\temp\e4j9ab6.tmp_dir1742818079\jre\bin\msvcr120.dll
1056\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeunpack200.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1088-r "jre\lib\ext\localedata.jar.pack" "jre\lib\ext\localedata.jar"C:\Users\admin\AppData\Local\Temp\e4j9AB6.tmp_dir1742818079\jre\bin\unpack200.exeCarrier.exe
User:
admin
Company:
Temurin
Integrity Level:
HIGH
Description:
OpenJDK Platform binary
Exit code:
0
Version:
8.0.3220.6
Modules
Images
c:\users\admin\appdata\local\temp\e4j9ab6.tmp_dir1742818079\jre\bin\unpack200.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\users\admin\appdata\local\temp\e4j9ab6.tmp_dir1742818079\jre\bin\msvcr120.dll
1272"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6916 --field-trial-handle=2504,i,6635921843396424230,13979702623805218606,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2040"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
2064\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeunpack200.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2088"C:\Users\admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe" -Dexecuteafter=false "-Dregistry=true" -DinstallationDir="C:\Users\admin\AppData\Local\JDownloader 2.0" -q "-Dfilelinks=dlc,jdc,ccf,rsdf" "-Ddesktoplink=true" "-Dquicklaunch=false"C:\Users\admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe
JDownloaderSetup.exe
User:
admin
Company:
AppWork GmbH
Integrity Level:
HIGH
Description:
JDownloader
Version:
2.0.1
Modules
Images
c:\users\admin\appdata\local\temp\5f3bf50163bb4e257419f910f803d8b2\carrier.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
161 834
Read events
114 736
Write events
47 094
Delete events
4

Modification events

(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(5072) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
26FC83B9AB8F2F00
(PID) Process:(5072) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
20928CB9AB8F2F00
(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328338
Operation:writeName:WindowTabManagerFileMappingId
Value:
{CE02A5C1-AC85-470D-BC7A-71B5FBE56E8D}
(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328338
Operation:writeName:WindowTabManagerFileMappingId
Value:
{9AD9BF07-7AAD-4200-A152-E325B915864E}
(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328338
Operation:writeName:WindowTabManagerFileMappingId
Value:
{C492BAA0-9E0C-4385-A065-935C167DF1F2}
(PID) Process:(5072) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328338
Operation:writeName:WindowTabManagerFileMappingId
Value:
{9B3EC8B4-742A-457A-AB2C-F9FCEAF721BA}
Executable files
325
Suspicious files
2 882
Text files
883
Unknown types
1

Dropped files

PID
Process
Filename
Type
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b400.TMP
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b40f.TMP
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b40f.TMP
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b45e.TMP
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b46d.TMP
MD5:
SHA256:
5072msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
67
TCP/UDP connections
102
DNS requests
106
Threats
20

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
104.124.11.17:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
960
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2040
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7684
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7684
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3956
JDownloaderSetup.exe
GET
200
23.211.190.126:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D
unknown
whitelisted
7828
svchost.exe
HEAD
200
23.48.23.24:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/84d3e481-77df-49da-bc37-0a994069ddb9?P1=1743117524&P2=404&P3=2&P4=jXRmzKCAlOmsFMYAq77ACusoxqVLK676Bjb17ZJjaBTBHAc%2fBlTWXelO8S1XW7hL2aRejFlLxwZA0hZJ4NP1TA%3d%3d
unknown
whitelisted
3956
JDownloaderSetup.exe
GET
200
23.211.190.126:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEHe6I7KBxaL33cUzq%2B9yPgE%3D
unknown
whitelisted
3956
JDownloaderSetup.exe
GET
200
23.211.190.126:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
104.124.11.17:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5072
msedge.exe
239.255.255.250:1900
whitelisted
7376
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7376
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7376
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7376
msedge.exe
13.107.246.60:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 104.124.11.17
  • 104.124.11.58
whitelisted
google.com
  • 142.250.185.142
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
dropmefiles.com
  • 176.99.128.38
  • 176.99.128.9
  • 176.99.128.18
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
  • 150.171.27.11
  • 150.171.28.11
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.60
whitelisted
bzib.nelreports.net
  • 2.22.242.11
  • 2.22.242.105
  • 23.48.23.51
  • 23.48.23.26
whitelisted
www.bing.com
  • 2.19.96.120
  • 2.19.96.104
  • 2.19.96.112
  • 2.19.96.113
  • 2.19.96.123
  • 2.19.96.128
  • 2.19.96.115
  • 2.19.96.122
  • 2.19.96.130
  • 2.23.227.215
  • 2.23.227.221
  • 2.23.227.208
  • 92.123.104.13
  • 92.123.104.20
  • 92.123.104.17
  • 92.123.104.11
  • 92.123.104.18
  • 92.123.104.21
  • 92.123.104.12
  • 92.123.104.15
  • 92.123.104.14
  • 92.123.104.38
  • 92.123.104.36
  • 92.123.104.46
  • 92.123.104.35
  • 92.123.104.53
  • 92.123.104.47
  • 92.123.104.41
  • 92.123.104.43
  • 92.123.104.37
whitelisted

Threats

PID
Process
Class
Message
7376
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Service Domain in DNS Lookup (dropmefiles .com)
7376
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Service Domain in DNS Lookup (dropmefiles .com)
7376
msedge.exe
Misc activity
ET FILE_SHARING Observed File Sharing Service Domain (dropmefiles .com in TLS SNI)
7376
msedge.exe
Misc activity
ET FILE_SHARING Observed File Sharing Service Domain (dropmefiles .com in TLS SNI)
7376
msedge.exe
Misc activity
ET FILE_SHARING Observed File Sharing Service Domain (dropmefiles .com in TLS SNI)
7376
msedge.exe
Misc activity
ET FILE_SHARING Observed File Sharing Service Domain (dropmefiles .com in TLS SNI)
7376
msedge.exe
Misc activity
ET FILE_SHARING Observed File Sharing Service Domain (dropmefiles .com in TLS SNI)
7376
msedge.exe
Misc activity
ET FILE_SHARING Observed File Sharing Service Domain (dropmefiles .com in TLS SNI)
7376
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Service Domain in DNS Lookup (dropmefiles .com)
7376
msedge.exe
Misc activity
ET FILE_SHARING File Sharing Service Domain in DNS Lookup (dropmefiles .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://dropmefiles.com/cNEyM