File name:

miniClickerSetup.exe

Full analysis: https://app.any.run/tasks/1f03bcd1-9bf4-4158-b8d7-6565de315852
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: March 30, 2025, 21:32:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 10 sections
MD5:

82667667E1B943B1C101D32D0C677F99

SHA1:

6236FA656370DC4376DD609F119EBD46EABA2619

SHA256:

938144181A4BB705FCB77B439A3E864E6A5E3D2CF7A1CC736136B0D0FC945FC7

SSDEEP:

98304:h/99V0nwovVP8C70e8U/civbd/39rSodnPQdoOloRSZeqGK9A0TSMrweLq390E/u:DOW5eF3D3G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • miniClickerSetup.exe (PID: 7332)
      • Plover.exe (PID: 1184)
      • Stork.exe (PID: 8164)

    • Actions looks like stealing of personal data

      • Birds.exe (PID: 1052)

  • SUSPICIOUS

    • Reads the date of Windows installation

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)
      • Stork.exe (PID: 8044)

    • Executable content was dropped or overwritten

      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 7816)
      • CalandraLark.exe (PID: 7844)
      • CalandraLark.exe (PID: 7892)
      • CalandraLark.exe (PID: 7912)
      • CalandraLark.exe (PID: 8032)
      • CalandraLark.exe (PID: 8012)
      • Stork.exe (PID: 8164)

    • Creates a software uninstall entry

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)

    • Starts itself from another location

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)

    • Reads security settings of Internet Explorer

      • Plover.exe (PID: 1184)
      • Birds.exe (PID: 1052)
      • Stork.exe (PID: 8164)
      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8044)

    • Executes application which crashes

      • Plover.exe (PID: 1184)

    • Checks for external IP

      • svchost.exe (PID: 2196)
      • Stork.exe (PID: 8164)

  • INFO

    • The sample compiled with english language support

      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 8012)
      • Stork.exe (PID: 8164)

    • Creates files or folders in the user directory

      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 7816)
      • CalandraLark.exe (PID: 7892)
      • CalandraLark.exe (PID: 7912)
      • CalandraLark.exe (PID: 7844)
      • CalandraLark.exe (PID: 8012)
      • CalandraLark.exe (PID: 8032)
      • Birds.exe (PID: 1052)
      • Stork.exe (PID: 8164)
      • WerFault.exe (PID: 7416)

    • Reads the computer name

      • miniClickerSetup.exe (PID: 7332)
      • Plover.exe (PID: 1184)
      • Stork.exe (PID: 8164)
      • Birds.exe (PID: 1052)
      • Stork.exe (PID: 8044)
      • miniClicker.exe (PID: 5984)
      • identity_helper.exe (PID: 7424)

    • Checks supported languages

      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 7892)
      • CalandraLark.exe (PID: 7816)
      • CalandraLark.exe (PID: 7844)
      • CalandraLark.exe (PID: 7912)
      • CalandraLark.exe (PID: 8032)
      • Birds.exe (PID: 1052)
      • Plover.exe (PID: 1184)
      • CalandraLark.exe (PID: 8012)
      • Stork.exe (PID: 8164)
      • Stork.exe (PID: 8044)
      • miniClicker.exe (PID: 6080)
      • identity_helper.exe (PID: 7424)
      • miniClicker.exe (PID: 5984)

    • Application launched itself

      • msedge.exe (PID: 7492)

    • Process checks computer location settings

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)
      • Stork.exe (PID: 8044)

    • Checks proxy server information

      • Plover.exe (PID: 1184)
      • Stork.exe (PID: 8164)
      • Birds.exe (PID: 1052)
      • slui.exe (PID: 668)

    • Reads Environment values

      • identity_helper.exe (PID: 7424)

    • Reads the software policy settings

      • Stork.exe (PID: 8164)
      • slui.exe (PID: 668)

    • Reads the machine GUID from the registry

      • Stork.exe (PID: 8164)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:08:20 08:13:28+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 601600
InitializedDataSize: 6543872
UninitializedDataSize: -
EntryPoint: 0x23e2
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.0.0.2
ProductVersionNumber: 3.4.3.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Tracy Software ltd
FileDescription: Browsers Birds Engine
FileVersion: 3.0.0.2
InternalName: Birds365.exe
LegalCopyright: Copyright TracySoftware(C) 2024
OriginalFileName: Birds365.exe
ProductName: Birds Engine
ProductVersion: 3.4.3.4
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
198
Monitored processes
65
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start miniclickersetup.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs calandralark.exe conhost.exe no specs calandralark.exe conhost.exe no specs calandralark.exe conhost.exe no specs calandralark.exe conhost.exe no specs calandralark.exe calandralark.exe conhost.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs plover.exe birds.exe werfault.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs stork.exe stork.exe no specs svchost.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs miniclicker.exe no specs miniclicker.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
472"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6912 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
668C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
680"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5840 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
680"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6760 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
856"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6504 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
896"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6500 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1052"C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe" C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe
miniClickerSetup.exe
User:
admin
Company:
Tracy Software ltd
Integrity Level:
MEDIUM
Description:
Browsers Birds Engine
Version:
3.0.0.2
Modules
Images
c:\users\admin\appdata\local\tracy\birds\birds.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1096"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5928 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1184"C:\Users\admin\AppData\Local\Tracy\Birds\Plover.exe" C:\Users\admin\AppData\Local\Tracy\Birds\Plover.exe
miniClickerSetup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Plover Bird
Exit code:
3221226505
Version:
3.2.0.8
Modules
Images
c:\users\admin\appdata\local\tracy\birds\plover.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1240"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6992 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
16 498
Read events
16 444
Write events
54
Delete events
0

Modification events

(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7492) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(7492) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(7492) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Birds
Operation:writeName:DisplayIcon
Value:
C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Birds
Operation:writeName:DisplayName
Value:
Birds
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Birds
Operation:writeName:UninstallString
Value:
C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe -uninstall
Executable files
24
Suspicious files
316
Text files
56
Unknown types
1

Dropped files

PID
Process
Filename
Type
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Birds.dllexecutable
MD5:4B48EF1E341FFF5095B28D486468DF75
SHA256:78BE649C4A7FA9D2E4AB580C1FE921677DA042281A0C95400F56F66EEAE2637A
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\zlibwapi.dllexecutable
MD5:54789344B07BED58E43851ECA47E2B12
SHA256:9F8729AC49E0CCEA86FE3B1A9B2C3FAE9986ECD09DB92853E7A588DBDA85BF90
7492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datbinary
MD5:1E9E15EF6E531C4557100F20C9C76F01
SHA256:46CB063CC268B69B172660F166C4394D5B4EDD802388B3EC16766DEBDB9F86C3
7492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:6971E42ED64D2BE125547F021EB852B1
SHA256:B46CFDC4106DF566F71AA34D6F10B53767C561DFD17DD07A5930A18E67BB344B
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Config.xmltext
MD5:864EF25074FBB2C6B4CDA903BEF35DFD
SHA256:77190AFBF9DC3FFB5B30676A211E284ADCE2A80F87ACA8A9FABF2C0832445FEE
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Cassowary.birdbinary
MD5:95BC9835B85F3EB52883B44CB97865E9
SHA256:B00C75CECE93F044EA74D68C37589F73C709A60AB2E319D9F06FF88EB9D22168
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\CalandraLark.exeexecutable
MD5:0914E719E94822F9C7AE2B1F3BAE8DD7
SHA256:5355C5322E6FC7C3034DD2BFF6C32593B591A79FC6B0DB9C48D1F6296EDD9F6A
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Hoopoe.birdbinary
MD5:0F133321BA544D20216ABE4CFF9A5C1C
SHA256:43ABC9FDA17D6BC0C56CA669E548254718FFC38FE99FF0C4B9B145F5F842010A
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Birds.exeexecutable
MD5:82667667E1B943B1C101D32D0C677F99
SHA256:938144181A4BB705FCB77B439A3E864E6A5E3D2CF7A1CC736136B0D0FC945FC7
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\RuppellsVulture.birdbinary
MD5:32EF91518D58485527E63A68C0455C1C
SHA256:49EC72FF899714A3341E7B43EB8E39CC5A2447CAFABD47545202B881F5BF2EEA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
115
TCP/UDP connections
96
DNS requests
81
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4628
RUXIMICS.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
404
81.28.5.222:443
https://3dodo.com/_3dodoApplication.styles.css
unknown
GET
200
81.28.5.222:443
https://3dodo.com/lib/bootstrap/dist/css/bootstrap.min.css
unknown
text
158 Kb
unknown
GET
200
81.28.5.222:443
https://3dodo.com/lib/bootstrap/dist/js/bootstrap.bundle.min.js
unknown
binary
76.6 Kb
unknown
GET
200
13.107.42.16:443
https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1
unknown
binary
9.81 Kb
whitelisted
GET
200
81.28.5.222:443
https://3dodo.com/lib/jquery/dist/jquery.min.js
unknown
binary
87.3 Kb
unknown
GET
200
142.250.185.106:443
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
unknown
text
16.3 Kb
whitelisted
GET
200
92.123.104.17:443
https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
unknown
binary
654 Kb
whitelisted
GET
200
81.28.5.222:443
https://3dodo.com/Home/Terms
unknown
html
17.3 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4628
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
23.48.23.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4628
RUXIMICS.exe
23.48.23.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6544
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7764
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.206
whitelisted
client.wns.windows.com
  • 172.172.255.218
whitelisted
crl.microsoft.com
  • 23.48.23.147
  • 23.48.23.166
  • 23.48.23.143
  • 23.48.23.162
  • 23.48.23.173
  • 23.48.23.159
  • 23.48.23.194
  • 23.48.23.181
  • 23.48.23.176
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.71
  • 40.126.31.130
  • 20.190.159.129
  • 40.126.31.69
  • 20.190.159.131
  • 40.126.31.131
  • 20.190.159.130
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
3dodo.com
  • 81.28.5.222
unknown
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO Observed DNS Query to External IP Lookup Domain (api .country .is)
8164
Stork.exe
Device Retrieving External IP Address Detected
ET INFO Observed External IP Lookup Domain Domain (api .country .is in TLS SNI)
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
miniClickerSetup.exe