File name:

miniClickerSetup.exe

Full analysis: https://app.any.run/tasks/1f03bcd1-9bf4-4158-b8d7-6565de315852
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: March 30, 2025, 21:32:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 10 sections
MD5:

82667667E1B943B1C101D32D0C677F99

SHA1:

6236FA656370DC4376DD609F119EBD46EABA2619

SHA256:

938144181A4BB705FCB77B439A3E864E6A5E3D2CF7A1CC736136B0D0FC945FC7

SSDEEP:

98304:h/99V0nwovVP8C70e8U/civbd/39rSodnPQdoOloRSZeqGK9A0TSMrweLq390E/u:DOW5eF3D3G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • miniClickerSetup.exe (PID: 7332)
      • Plover.exe (PID: 1184)
      • Stork.exe (PID: 8164)

    • Actions looks like stealing of personal data

      • Birds.exe (PID: 1052)

  • SUSPICIOUS

    • Creates a software uninstall entry

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)

    • Reads the date of Windows installation

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)
      • Stork.exe (PID: 8044)

    • Executable content was dropped or overwritten

      • CalandraLark.exe (PID: 7816)
      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 7844)
      • CalandraLark.exe (PID: 7912)
      • CalandraLark.exe (PID: 8032)
      • CalandraLark.exe (PID: 8012)
      • Stork.exe (PID: 8164)
      • CalandraLark.exe (PID: 7892)

    • Reads security settings of Internet Explorer

      • miniClickerSetup.exe (PID: 7332)
      • Plover.exe (PID: 1184)
      • Birds.exe (PID: 1052)
      • Stork.exe (PID: 8164)
      • Stork.exe (PID: 8044)

    • Starts itself from another location

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)

    • Executes application which crashes

      • Plover.exe (PID: 1184)

    • Checks for external IP

      • svchost.exe (PID: 2196)
      • Stork.exe (PID: 8164)

  • INFO

    • The sample compiled with english language support

      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 8012)
      • Stork.exe (PID: 8164)

    • Creates files or folders in the user directory

      • CalandraLark.exe (PID: 7844)
      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 7816)
      • CalandraLark.exe (PID: 7892)
      • CalandraLark.exe (PID: 8012)
      • CalandraLark.exe (PID: 8032)
      • Birds.exe (PID: 1052)
      • WerFault.exe (PID: 7416)
      • Stork.exe (PID: 8164)
      • CalandraLark.exe (PID: 7912)

    • Checks supported languages

      • CalandraLark.exe (PID: 7844)
      • CalandraLark.exe (PID: 7892)
      • miniClickerSetup.exe (PID: 7332)
      • CalandraLark.exe (PID: 7816)
      • CalandraLark.exe (PID: 8032)
      • Plover.exe (PID: 1184)
      • Birds.exe (PID: 1052)
      • CalandraLark.exe (PID: 8012)
      • Stork.exe (PID: 8164)
      • identity_helper.exe (PID: 7424)
      • Stork.exe (PID: 8044)
      • miniClicker.exe (PID: 5984)
      • miniClicker.exe (PID: 6080)
      • CalandraLark.exe (PID: 7912)

    • Reads the computer name

      • miniClickerSetup.exe (PID: 7332)
      • Plover.exe (PID: 1184)
      • Birds.exe (PID: 1052)
      • Stork.exe (PID: 8164)
      • Stork.exe (PID: 8044)
      • identity_helper.exe (PID: 7424)
      • miniClicker.exe (PID: 5984)

    • Application launched itself

      • msedge.exe (PID: 7492)

    • Process checks computer location settings

      • miniClickerSetup.exe (PID: 7332)
      • Stork.exe (PID: 8164)
      • Stork.exe (PID: 8044)

    • Checks proxy server information

      • Plover.exe (PID: 1184)
      • Birds.exe (PID: 1052)
      • Stork.exe (PID: 8164)
      • slui.exe (PID: 668)

    • Reads the machine GUID from the registry

      • Stork.exe (PID: 8164)

    • Reads the software policy settings

      • Stork.exe (PID: 8164)
      • slui.exe (PID: 668)

    • Reads Environment values

      • identity_helper.exe (PID: 7424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:08:20 08:13:28+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 601600
InitializedDataSize: 6543872
UninitializedDataSize: -
EntryPoint: 0x23e2
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.0.0.2
ProductVersionNumber: 3.4.3.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Tracy Software ltd
FileDescription: Browsers Birds Engine
FileVersion: 3.0.0.2
InternalName: Birds365.exe
LegalCopyright: Copyright TracySoftware(C) 2024
OriginalFileName: Birds365.exe
ProductName: Birds Engine
ProductVersion: 3.4.3.4
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
198
Monitored processes
65
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start miniclickersetup.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs calandralark.exe conhost.exe no specs calandralark.exe conhost.exe no specs calandralark.exe conhost.exe no specs calandralark.exe conhost.exe no specs calandralark.exe calandralark.exe conhost.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs plover.exe birds.exe werfault.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs stork.exe stork.exe no specs svchost.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs miniclicker.exe no specs miniclicker.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
472"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6912 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
668C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
680"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5840 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
680"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6760 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
856"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6504 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
896"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6500 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1052"C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe" C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe
miniClickerSetup.exe
User:
admin
Company:
Tracy Software ltd
Integrity Level:
MEDIUM
Description:
Browsers Birds Engine
Version:
3.0.0.2
Modules
Images
c:\users\admin\appdata\local\tracy\birds\birds.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1096"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5928 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1184"C:\Users\admin\AppData\Local\Tracy\Birds\Plover.exe" C:\Users\admin\AppData\Local\Tracy\Birds\Plover.exe
miniClickerSetup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Plover Bird
Exit code:
3221226505
Version:
3.2.0.8
Modules
Images
c:\users\admin\appdata\local\tracy\birds\plover.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1240"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6992 --field-trial-handle=2388,i,12547984212941836877,13622833365176835003,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
16 498
Read events
16 444
Write events
54
Delete events
0

Modification events

(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7492) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(7492) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(7492) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Birds
Operation:writeName:DisplayIcon
Value:
C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Birds
Operation:writeName:DisplayName
Value:
Birds
(PID) Process:(7332) miniClickerSetup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Birds
Operation:writeName:UninstallString
Value:
C:\Users\admin\AppData\Local\Tracy\Birds\Birds.exe -uninstall
Executable files
24
Suspicious files
316
Text files
56
Unknown types
1

Dropped files

PID
Process
Filename
Type
7492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datbinary
MD5:1E9E15EF6E531C4557100F20C9C76F01
SHA256:46CB063CC268B69B172660F166C4394D5B4EDD802388B3EC16766DEBDB9F86C3
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Config.xmltext
MD5:864EF25074FBB2C6B4CDA903BEF35DFD
SHA256:77190AFBF9DC3FFB5B30676A211E284ADCE2A80F87ACA8A9FABF2C0832445FEE
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Birds.dllexecutable
MD5:4B48EF1E341FFF5095B28D486468DF75
SHA256:78BE649C4A7FA9D2E4AB580C1FE921677DA042281A0C95400F56F66EEAE2637A
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\TracyLogo.pngbinary
MD5:4ED6047C9A4719C677843FDAF42C9AF5
SHA256:4AD6E36A9488FFECCA2791DFC55B1F910F89AB3F9C1AAD0CD1E11F6E985EBE48
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Hoopoe.birdbinary
MD5:0F133321BA544D20216ABE4CFF9A5C1C
SHA256:43ABC9FDA17D6BC0C56CA669E548254718FFC38FE99FF0C4B9B145F5F842010A
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\RuppellsVulture.birdbinary
MD5:32EF91518D58485527E63A68C0455C1C
SHA256:49EC72FF899714A3341E7B43EB8E39CC5A2447CAFABD47545202B881F5BF2EEA
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Stork.birdbinary
MD5:47ED2B4A1DC2BCBA74D8769F4288A2DC
SHA256:751A7E63C8D9357C5299D020CA01E550B1044EC4D8B8ACD7544D8C167BE0748A
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\BuyNow.pngimage
MD5:621830E53699C6D5EC05990A77ACB5DB
SHA256:9DC98DE226B7B2F3F20EA02AA412ECCC5E20CE0E77D7D03B93A1FEE2A34999FB
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Star Empty.pngbinary
MD5:4AEE9F546536666B90311D479101E815
SHA256:403E57796C7A25A6E468E287654B44A0F4F3B9DFE1D673D98766A2EA5F56FF7D
7332miniClickerSetup.exeC:\Users\admin\AppData\Local\Tracy\Birds\Star full.pngbinary
MD5:8B331D54273316EF06253C65552986B0
SHA256:BCFFBEE442F15EF6885429B81BA64DF51C384915543F540D33987E98E8D83DBF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
115
TCP/UDP connections
96
DNS requests
81
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4628
RUXIMICS.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
401
13.107.6.158:443
https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox
unknown
unknown
1184
Plover.exe
GET
400
81.28.5.222:80
http://api.3dodo.com/api/Birds/GetRedirect?sGeo=&sProductId=1005&sPublisherId=34&sCampaignId=6&sSite=google&sLocation=all
unknown
unknown
GET
404
81.28.5.222:443
https://3dodo.com/_3dodoApplication.styles.css
unknown
unknown
POST
200
40.126.31.3:443
https://login.live.com/RST2.srf
unknown
xml
1.24 Kb
whitelisted
GET
401
13.107.6.158:443
https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox
unknown
binary
591 b
whitelisted
GET
200
13.107.246.45:443
https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable
unknown
binary
16.0 Kb
whitelisted
GET
200
81.28.5.222:443
https://3dodo.com/lib/bootstrap/dist/css/bootstrap.min.css
unknown
text
158 Kb
unknown
GET
200
13.107.42.16:443
https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1
unknown
binary
768 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4628
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
23.48.23.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4628
RUXIMICS.exe
23.48.23.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6544
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7764
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.206
whitelisted
client.wns.windows.com
  • 172.172.255.218
whitelisted
crl.microsoft.com
  • 23.48.23.147
  • 23.48.23.166
  • 23.48.23.143
  • 23.48.23.162
  • 23.48.23.173
  • 23.48.23.159
  • 23.48.23.194
  • 23.48.23.181
  • 23.48.23.176
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.71
  • 40.126.31.130
  • 20.190.159.129
  • 40.126.31.69
  • 20.190.159.131
  • 40.126.31.131
  • 20.190.159.130
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
3dodo.com
  • 81.28.5.222
unknown
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO Observed DNS Query to External IP Lookup Domain (api .country .is)
8164
Stork.exe
Device Retrieving External IP Address Detected
ET INFO Observed External IP Lookup Domain Domain (api .country .is in TLS SNI)
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
miniClickerSetup.exe