File name: WFDSetup_1.5.6.58.exe

Full analysis: https://app.any.run/tasks/344f1c41-6512-472e-91de-655071dc6dd4
Verdict: Malicious activity
Analysis date: November 22, 2024, 12:04:31
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: E5E1087E206CA63FE54C408FE38CFCF8
SHA1: 96B5EFA6F96E38E889B7C7474C62D7FE72C7F946
SHA256: 9052DFD0E29F50F064AD6F8E5A4E78F324659F932AF5D13C97E0F127E3516E16
SSDEEP: 98304:bgyhDlZVdec1fieRD9p8n/jtDV3g2irm+2skn9QKbWtpeVh+JdqQz6zxTZEE0qux:eNIblAiYlG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • WiseDeleter.exe (PID: 2672)
      • WiseDeleter.exe (PID: 6068)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WFDSetup_1.5.6.58.tmp (PID: 1792)
    • Executable content was dropped or overwritten

      • WFDSetup_1.5.6.58.exe (PID: 1380)
      • WFDSetup_1.5.6.58.exe (PID: 648)
      • WFDSetup_1.5.6.58.tmp (PID: 5880)
      • WiseDeleter.exe (PID: 6068)
    • Drops a system driver (possible attempt to evade defenses)

      • WiseDeleter.exe (PID: 6068)
  • INFO

    • Create files in a temporary directory

      • WFDSetup_1.5.6.58.exe (PID: 648)
      • WFDSetup_1.5.6.58.exe (PID: 1380)
    • Checks supported languages

      • WFDSetup_1.5.6.58.exe (PID: 648)
      • WFDSetup_1.5.6.58.tmp (PID: 1792)
      • WFDSetup_1.5.6.58.exe (PID: 1380)
    • Reads the computer name

      • WFDSetup_1.5.6.58.tmp (PID: 1792)
    • Process checks computer location settings

      • WFDSetup_1.5.6.58.tmp (PID: 1792)
    • Application launched itself

      • msedge.exe (PID: 4944)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:06 14:39:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 80896
UninitializedDataSize: -
EntryPoint: 0x117dc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.5.6.58
ProductVersionNumber: 1.5.6.58
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: WiseCleaner.com
FileDescription: Wise Force Deleter
FileVersion: 1.5.6
LegalCopyright: WiseCleaner.com
ProductName: Wise Force Deleter
ProductVersion: 1.5.6
All screenshots are available in the full report
Total processes: 163
Monitored processes: 44
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Process chain shown in the graph (nodes marked "no specs" in the report carry no indicators): WFDSetup_1.5.6.58.exe (PID 648) -> WFDSetup_1.5.6.58.tmp (PID 1792) -> WFDSetup_1.5.6.58.exe (PID 1380, elevated) -> WFDSetup_1.5.6.58.tmp (PID 5880) -> WiseDeleter.exe (PIDs 2672 and 6068). The remaining nodes are msedge.exe child processes and two identity_helper.exe instances spawned by Edge, nearly all without indicators.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 236
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7360 --field-trial-handle=2420,i,14201243303173157468,8241690493374941461,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 444
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7680 --field-trial-handle=2420,i,14201243303173157468,8241690493374941461,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 648
CMD: "C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe"
Path: C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe
Parent process: explorer.exe
User:
admin
Company:
WiseCleaner.com
Integrity Level:
MEDIUM
Description:
Wise Force Deleter
Exit code:
0
Version:
1.5.6
Modules
Images
c:\users\admin\desktop\wfdsetup_1.5.6.58.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 1380
CMD: "C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe" /SPAWNWND=$301EC /NOTIFYWND=$8022A
Path: C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe
Parent process: WFDSetup_1.5.6.58.tmp
User:
admin
Company:
WiseCleaner.com
Integrity Level:
HIGH
Description:
Wise Force Deleter
Exit code:
0
Version:
1.5.6
Modules
Images
c:\users\admin\desktop\wfdsetup_1.5.6.58.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 1708
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x320,0x324,0x328,0x31c,0x330,0x7ff822e65fd8,0x7ff822e65fe4,0x7ff822e65ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1760
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2752 --field-trial-handle=2420,i,14201243303173157468,8241690493374941461,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1792
CMD: "C:\Users\admin\AppData\Local\Temp\is-PDHRH.tmp\WFDSetup_1.5.6.58.tmp" /SL5="$8022A,3100428,148480,C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-PDHRH.tmp\WFDSetup_1.5.6.58.tmp
Parent process: WFDSetup_1.5.6.58.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-pdhrh.tmp\wfdsetup_1.5.6.58.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2672
CMD: "C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe"
Path: C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe
Parent process: WFDSetup_1.5.6.58.tmp
User:
admin
Company:
Wise Cleaner
Integrity Level:
MEDIUM
Description:
Wise Force Deleter
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch could not install the driver; the second WiseDeleter.exe instance, PID 6068, is the one the driver-drop indicator is attributed to)
Version:
1.5.6.58
Modules
Images
c:\program files (x86)\wise\wise force deleter\wisedeleter.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 2996
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7156 --field-trial-handle=2420,i,14201243303173157468,8241690493374941461,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 3172
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7276 --field-trial-handle=2420,i,14201243303173157468,8241690493374941461,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 9282
Read events: 9224
Write events: 58
Delete events: 0

Modification events

All entries below were written by WFDSetup_1.5.6.58.tmp (PID 5880), operation: write.

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WiseCleaner\Wise Force Deleter
  path = C:\Program Files (x86)\Wise\Wise Force Deleter
  Product Name = Wise Force Deleter

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\WForceDelete
  ICON = C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Force Deleter_is1
  Inno Setup: Setup Version = 5.5.9 (u)
  Inno Setup: App Path = C:\Program Files (x86)\Wise\Wise Force Deleter
  InstallLocation = C:\Program Files (x86)\Wise\Wise Force Deleter\
  Inno Setup: Icon Group = Wise Force Deleter
  Inno Setup: User = admin
  Inno Setup: Language = english
  DisplayName = Wise Force Deleter

The Classes\*\shell\WForceDelete key registers a context-menu verb for every file type, which is how the tool appears in Explorer's right-click menu; the "_is1" key is Inno Setup's standard Add/Remove Programs entry and records the Inno Setup version (5.5.9, Unicode build) used to package the installer.
Executable files: 14
Suspicious files: 140
Text files: 119
Unknown types: 2

Dropped files

PID 5880 (WFDSetup_1.5.6.58.tmp), executable: C:\Program Files (x86)\Wise\Wise Force Deleter\unins000.exe
  MD5: EDB9910EA149E30BFD2D22E7C3EF400F
  SHA256: 51C091B6615B792FE1F73074F3F53B710F4B804A07054F4E6930FCDEFF3B6654
PID 5880 (WFDSetup_1.5.6.58.tmp), executable: C:\Users\admin\AppData\Local\Temp\is-H1IVK.tmp\_isetup\_setup64.tmp
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID 5880 (WFDSetup_1.5.6.58.tmp), executable: C:\Program Files (x86)\Wise\Wise Force Deleter\is-3620Q.tmp
  MD5: 17534AB01DB7D7A868D49C1C8926BBDF
  SHA256: FF3591AF14655E8B424DC00D96E32166AB92941FCAB0F6246B0C5DDA01CA3992
PID 1380 (WFDSetup_1.5.6.58.exe), executable: C:\Users\admin\AppData\Local\Temp\is-DA44S.tmp\WFDSetup_1.5.6.58.tmp
  MD5: EDB9910EA149E30BFD2D22E7C3EF400F
  SHA256: 51C091B6615B792FE1F73074F3F53B710F4B804A07054F4E6930FCDEFF3B6654
PID 648 (WFDSetup_1.5.6.58.exe), executable: C:\Users\admin\AppData\Local\Temp\is-PDHRH.tmp\WFDSetup_1.5.6.58.tmp
  MD5: EDB9910EA149E30BFD2D22E7C3EF400F
  SHA256: 51C091B6615B792FE1F73074F3F53B710F4B804A07054F4E6930FCDEFF3B6654
PID 5880 (WFDSetup_1.5.6.58.tmp), text: C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-5MAOI.tmp
  MD5: 2C275628E188D0F5673254E2D04BF12B
  SHA256: C62903D66F52479C30FEB8EFA79C1601A5BEF4405CE20C63B4BD7B2130B06909
PID 5880 (WFDSetup_1.5.6.58.tmp), text: C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\Arabic.ini
  MD5: 6ACCDF8AA5A974F042024AF541B577FF
  SHA256: 8190C898770F0D13195F678A507A7C80303582C0E75ED9C6790326B5ED0AE421
PID 5880 (WFDSetup_1.5.6.58.tmp), text: C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-8HCQE.tmp
  MD5: 6ACCDF8AA5A974F042024AF541B577FF
  SHA256: 8190C898770F0D13195F678A507A7C80303582C0E75ED9C6790326B5ED0AE421
PID 5880 (WFDSetup_1.5.6.58.tmp), executable: C:\Program Files (x86)\Wise\Wise Force Deleter\is-UGFBO.tmp
  MD5: 00829E4E6CFD080B55E0E930FF9363FE
  SHA256: 2F71071C068FFEB2221BA5941FC964CEAA808F54F8CC2133F2FAC70BE382E886
PID 5880 (WFDSetup_1.5.6.58.tmp), image: C:\Program Files (x86)\Wise\Wise Force Deleter\is-BD39M.tmp
  MD5: 3751EB1E86E4908A352679F46478AC48
  SHA256: 0B402D02D6CA6A0E6F999774EAB36563E53FAABD55FA298547195D5DD83BD2F9

Two hash coincidences are worth reading correctly before treating the counts above as distinct binaries. The two extracted WFDSetup_1.5.6.58.tmp copies and unins000.exe share one hash (MD5 EDB9910E..., SHA256 51C091B6...): Inno Setup unpacks its Setup program to %TEMP% once per launch (here once at medium integrity and once after elevation) and installs the same program as the uninstaller. Likewise Languages\is-8HCQE.tmp and Languages\Arabic.ini share a hash because Inno Setup writes each file to an is-XXXXX.tmp staging name and renames it to its final name; the other is-*.tmp entries are the same staging step for files whose rename the dropped-file list does not show.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 167
TCP/UDP connections: 159
DNS requests: 106
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP:port | URL | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.19.198.194:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | - | - | whitelisted
4932 | svchost.exe | GET | 200 | 2.19.198.194:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | - | - | whitelisted
4932 | svchost.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | - | - | whitelisted
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | - | - | -
6068 | WiseDeleter.exe | GET | 200 | 23.224.25.138:80 | http://www.wisecleaner.net/wisecleaner_feedback/index.php?to=fetch-unread-message&guid={0DC258F1-6638-4DD2-9161-75F772E441D0} | - | - | whitelisted
- | - | OPTIONS | 503 | 23.53.40.203:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | - | - | -
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | binary | 768 b | whitelisted
- | - | GET | 200 | 13.107.21.239:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | binary | 645 b | whitelisted
- | - | GET | 200 | 13.107.253.45:443 | https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable | binary | 14.0 Kb | whitelisted

The CN column is "unknown" for every row and is omitted; "-" marks a field the report leaves empty, and rows without a PID are Edge requests the report does not attribute to a process. The only request made by the sample itself is WiseDeleter.exe's GET to the wisecleaner.net feedback endpoint, which sends a GUID in the query string over plain HTTP; everything else is Windows CRL fetching and Edge first-run telemetry from the sandbox image.

Connections

PID | Process | IP:port | Domain | ASN | Country | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 2.16.204.152:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4932 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 2.19.198.194:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4932 | svchost.exe | 2.19.198.194:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4932 | svchost.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

("-" marks a field the report leaves empty; the two System entries are NetBIOS name-service and datagram broadcasts on the sandbox LAN.)

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.16.204.152
  • 2.16.204.159
  • 2.16.204.160
  • 2.16.204.151
  • 2.16.204.154
  • 2.16.204.153
  • 2.16.204.158
  • 2.16.204.149
  • 2.16.204.156
  • 2.23.209.150
  • 2.23.209.143
  • 2.23.209.149
  • 2.23.209.154
  • 2.23.209.144
  • 2.23.209.158
  • 2.23.209.160
  • 2.23.209.156
  • 2.23.209.176
  • 2.23.209.177
  • 2.23.209.193
  • 2.23.209.175
  • 2.23.209.179
  • 2.23.209.189
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.173
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 2.19.198.194
  • 23.32.238.34
whitelisted
www.microsoft.com
  • 2.16.253.202
whitelisted
self.events.data.microsoft.com
  • 52.182.141.63
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.wisecleaner.com
  • 104.26.3.143
  • 104.26.2.143
  • 172.67.68.11
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

No threats detected

Debug output strings

Process | Message
WiseDeleter.exe | StartSvr error = 1060
WiseDeleter.exe | 6 dirver not installed
WiseDeleter.exe | 6 install C:\WINDOWS\WiseDelfile64.sys
WiseDeleter.exe | 14813664 install WiseDelfile
WiseDeleter.exe | Authentication ver = 20
WiseDeleter.exe | ver 20 = 20 The operation completed successfully
WiseDeleter.exe | StartSvr error = 0

Read in order, these strings (quoted verbatim, including the binary's own "dirver" misspelling) document the driver installation behind the "Drops a system driver" indicator: the first attempt to start the service fails with Win32 error 1060 (ERROR_SERVICE_DOES_NOT_EXIST), the tool writes WiseDelfile64.sys to C:\WINDOWS and installs it under the name WiseDelfile, and the second start succeeds (error 0). A force-delete utility needs a kernel driver to unlock files held open by other processes, so the drop itself is consistent with the product's stated purpose; the point a reviewer should take from the report is that the driver is written straight into C:\WINDOWS by an unsigned-certificate executable and registered as a service, which is exactly the footprint that warrants checking the driver's signature and the service entry on any host where this installer ran.
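The process table, the modification events and the debug strings above can be turned into a small, repeatable triage: recognise the Inno Setup two-stage unpack, the elevated re-spawn, the STATUS_ELEVATION_REQUIRED exit of the first WiseDeleter.exe, the shell-verb and uninstall registrations, and the failed-then-successful service start around the .sys write. The script below is an added example for this page; it is neither part of the ANY.RUN output nor WiseCleaner's code. Its records are constructed from the sections above (PIDs, command lines, integrity levels, registry keys and debug strings as shown); the record layout, the regular expressions, the helper names and the wording of the findings are this example's own choices. The two numeric constants are documented Windows values.

```python
"""Triage helpers over the artefacts in this report (added example; the
records are constructed from the report, the helpers and finding strings are
the example's own)."""
import re
from dataclasses import dataclass
from typing import Optional

STATUS_ELEVATION_REQUIRED = 0xC000042C  # NTSTATUS, 3221226540 decimal
ERROR_SERVICE_DOES_NOT_EXIST = 1060     # Win32 error behind "StartSvr error = 1060"


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: str
    integrity: str
    exit_code: Optional[int] = None


# Constructed from the report's process table (PIDs, command lines, integrity).
PROCS = [
    Proc(648, "WFDSetup_1.5.6.58.exe",
         r'"C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe"',
         "explorer.exe", "MEDIUM", 0),
    Proc(1792, "WFDSetup_1.5.6.58.tmp",
         r'"C:\Users\admin\AppData\Local\Temp\is-PDHRH.tmp\WFDSetup_1.5.6.58.tmp" '
         r'/SL5="$8022A,3100428,148480,C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe"',
         "WFDSetup_1.5.6.58.exe", "MEDIUM", 0),
    Proc(1380, "WFDSetup_1.5.6.58.exe",
         r'"C:\Users\admin\Desktop\WFDSetup_1.5.6.58.exe" /SPAWNWND=$301EC /NOTIFYWND=$8022A',
         "WFDSetup_1.5.6.58.tmp", "HIGH", 0),
    Proc(2672, "WiseDeleter.exe",
         r'"C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe"',
         "WFDSetup_1.5.6.58.tmp", "MEDIUM", 3221226540),
]

# Constructed from "Modification events": (pid, key, value name).
REG_WRITES = [
    (5880, "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\shell\\WForceDelete", "ICON"),
    (5880, "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows"
           "\\CurrentVersion\\Uninstall\\Wise Force Deleter_is1", "DisplayName"),
]

# Verbatim debug strings from the report (subset, original order kept).
DEBUG = [
    ("WiseDeleter.exe", "StartSvr error = 1060"),
    ("WiseDeleter.exe", "6 dirver not installed"),
    ("WiseDeleter.exe", "6 install C:\\WINDOWS\\WiseDelfile64.sys"),
    ("WiseDeleter.exe", "14813664 install WiseDelfile"),
    ("WiseDeleter.exe", "StartSvr error = 0"),
]

# Inno Setup stage 2: a .tmp copy of Setup under %TEMP%\is-XXXXX.tmp\ started
# with /SL5="<notify window>,<offsets>,<path of the original installer>".
INNO_STAGE2 = re.compile(r'\\Temp\\is-[A-Z0-9]{5}\.tmp\\[^"]+\.tmp"\s+/SL5=', re.I)
START_SVR = re.compile(r"StartSvr error = (\d+)")
INSTALL_SYS = re.compile(r"install (\S+\.sys)$", re.I)


def triage_processes(procs):
    """Flag the Inno Setup unpack, the elevated re-spawn and an elevation failure."""
    findings, by_image = [], {}
    for p in procs:
        earlier = by_image.setdefault(p.image, [])
        if INNO_STAGE2.search(p.cmdline):
            findings.append(f"{p.pid}: Inno Setup stage-2 loader run from %TEMP% (/SL5=)")
        # Setup re-launches the original .exe with /SPAWNWND when it needs admin rights.
        if "/SPAWNWND=" in p.cmdline and p.parent.lower().endswith(".tmp"):
            if any(q.integrity == "MEDIUM" for q in earlier) and p.integrity == "HIGH":
                findings.append(f"{p.pid}: installer re-spawned itself elevated (MEDIUM -> HIGH)")
        if p.exit_code == STATUS_ELEVATION_REQUIRED:
            findings.append(f"{p.pid}: {p.image} exited with STATUS_ELEVATION_REQUIRED")
        earlier.append(p)
    return findings


def triage_registry(writes):
    """Flag shell-integration and Add/Remove Programs registrations."""
    findings = []
    for pid, key, name in writes:
        leaf = key.rsplit("\\", 1)[-1]
        low = key.lower()
        if "\\software\\classes\\*\\shell\\" in low:   # verb shown for every file type
            findings.append(f"{pid}: context-menu verb '{leaf}' registered for all files ({name})")
        elif "\\currentversion\\uninstall\\" in low:
            findings.append(f"{pid}: uninstall entry '{leaf}' written ({name})")
    return findings


def triage_debug(lines):
    """Pair the failed and successful StartSvr calls around a .sys write."""
    findings, first_code = [], None
    for proc, msg in lines:
        if (m := START_SVR.search(msg)):
            code = int(m.group(1))
            if first_code is None:
                first_code = code
            elif first_code == ERROR_SERVICE_DOES_NOT_EXIST and code == 0:
                findings.append(f"{proc}: driver service missing (1060), then created and started")
        if (m := INSTALL_SYS.search(msg)):
            findings.append(f"{proc}: kernel driver written to {m.group(1)}")
    return findings


if __name__ == "__main__":
    for f in triage_processes(PROCS) + triage_registry(REG_WRITES) + triage_debug(DEBUG):
        print(f)
```

The three functions are deliberately independent so each can be pointed at the matching export from a sandbox or EDR (process-creation events with integrity level and exit code, registry writes, and captured OutputDebugString lines); the Inno Setup patterns are generic to that packer and will fire on any Inno-built installer, so they are context for the driver finding rather than a verdict on their own.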