URL:

senego.com

Full analysis: https://app.any.run/tasks/fcdd5e21-0f99-4b06-a89b-14f151eca127
Verdict: Malicious activity
Analysis date: May 26, 2024, 14:50:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
qrcode
Indicators:
MD5:

2A576B109C03FCAEF7463F095F6BD97D

SHA1:

B55C5F8984E003FD7530BAB0133B95A5C6535947

SHA256:

A5E77B73F60D317840ECFE7963E36B765E0BB06171F3D36A823D63C221420DFB

SSDEEP:

3:Usn:7n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads the Internet Settings

      • cmd.exe (PID: 2764)
      • cmd.exe (PID: 4212)
      • cmd.exe (PID: 4860)

    • The process executes JS scripts

      • iexplore.exe (PID: 5456)

  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2276)
      • notepad++.exe (PID: 2408)
      • cmd.exe (PID: 2764)
      • chrome.exe (PID: 4888)
      • notepad++.exe (PID: 4244)
      • cmd.exe (PID: 4212)
      • notepad++.exe (PID: 7700)
      • notepad.exe (PID: 7932)
      • cmd.exe (PID: 4860)

    • Application launched itself

      • msedge.exe (PID: 3992)
      • iexplore.exe (PID: 1288)
      • iexplore.exe (PID: 2384)
      • iexplore.exe (PID: 2636)
      • iexplore.exe (PID: 1996)
      • iexplore.exe (PID: 2380)
      • iexplore.exe (PID: 2748)
      • iexplore.exe (PID: 2848)
      • iexplore.exe (PID: 2852)
      • iexplore.exe (PID: 2916)
      • iexplore.exe (PID: 2880)
      • iexplore.exe (PID: 2972)
      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 2808)
      • iexplore.exe (PID: 2436)
      • iexplore.exe (PID: 3292)
      • iexplore.exe (PID: 1248)
      • iexplore.exe (PID: 2960)
      • chrome.exe (PID: 4888)
      • iexplore.exe (PID: 3016)
      • iexplore.exe (PID: 3388)
      • iexplore.exe (PID: 3576)
      • iexplore.exe (PID: 5456)
      • iexplore.exe (PID: 2388)
      • iexplore.exe (PID: 4544)
      • iexplore.exe (PID: 5052)
      • iexplore.exe (PID: 960)
      • iexplore.exe (PID: 2412)
      • iexplore.exe (PID: 2480)
      • iexplore.exe (PID: 2324)
      • iexplore.exe (PID: 5888)
      • iexplore.exe (PID: 4180)
      • iexplore.exe (PID: 3552)
      • iexplore.exe (PID: 5552)
      • iexplore.exe (PID: 5940)
      • chrome.exe (PID: 4192)
      • chrome.exe (PID: 7872)
      • chrome.exe (PID: 7684)
      • chrome.exe (PID: 2992)
      • chrome.exe (PID: 5940)
      • chrome.exe (PID: 3784)
      • chrome.exe (PID: 6684)
      • chrome.exe (PID: 4024)
      • chrome.exe (PID: 5192)
      • chrome.exe (PID: 4948)
      • chrome.exe (PID: 8012)
      • chrome.exe (PID: 5656)
      • chrome.exe (PID: 3436)
      • chrome.exe (PID: 3856)
      • chrome.exe (PID: 3304)
      • chrome.exe (PID: 3680)
      • chrome.exe (PID: 3400)
      • chrome.exe (PID: 3440)
      • chrome.exe (PID: 5744)
      • chrome.exe (PID: 8124)
      • chrome.exe (PID: 7136)
      • chrome.exe (PID: 6472)
      • chrome.exe (PID: 3432)
      • chrome.exe (PID: 6352)
      • chrome.exe (PID: 5732)
      • chrome.exe (PID: 6220)
      • chrome.exe (PID: 2180)
      • chrome.exe (PID: 3376)
      • chrome.exe (PID: 4588)
      • chrome.exe (PID: 5008)
      • chrome.exe (PID: 7920)
      • chrome.exe (PID: 4792)
      • chrome.exe (PID: 2300)

    • Checks supported languages

      • wmpnscfg.exe (PID: 2276)

    • Reads the computer name

      • wmpnscfg.exe (PID: 2276)

    • Change Internet Settings

      • iexplore.exe (PID: 1288)

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 1288)
      • iexplore.exe (PID: 5456)

    • The process uses the downloaded file

      • iexplore.exe (PID: 5456)
      • chrome.exe (PID: 3644)
      • chrome.exe (PID: 4188)
      • chrome.exe (PID: 5432)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
297
Monitored processes
247
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs notepad++.exe cmd.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs notepad++.exe cmd.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe iexplore.exe iexplore.exe wscript.exe no specs notepad.exe no specs notepad++.exe cmd.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs fontview.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
284"C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/uploads/2024/05/Video-La-Cote-dIvoire-rend-hommage-a-lancien-president-Henri-Konan-Bedie_thumbnail.jpg"C:\Program Files\Internet Explorer\iexplore.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
368"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2436 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
444"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
568"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x6c168b38,0x6c168b48,0x6c168b54C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
588"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1208,i,16613773228852489245,2670198909850785326,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
728"C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/uploads/2024/05/441539118_421718713994927_7463172580769864775_n.jpg"C:\Program Files\Internet Explorer\iexplore.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
752"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x6c168b38,0x6c168b48,0x6c168b54C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
904"C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/uploads/2024/03/seydou-gueye.png"C:\Program Files\Internet Explorer\iexplore.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
960"C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/themes/news/assets/fonts/GraphikBold.otf"C:\Program Files\Internet Explorer\iexplore.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
1056"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1300,i,14398564731448967480,7313321591557018123,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
335 785
Read events
327 356
Write events
6 231
Delete events
2 198

Modification events

(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:dr
Value:
1
(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(3992) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
05767ACFF2772F00
(PID) Process:(3992) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault
Operation:delete valueName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
(PID) Process:(3992) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation:writeName:UsageStatsInSample
Value:
1
Executable files
2
Suspicious files
598
Text files
239
Unknown types
10

Dropped files

PID
Process
Filename
Type
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1037fa.TMP
MD5:
SHA256:
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF103858.TMP
MD5:
SHA256:
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF103923.TMP
MD5:
SHA256:
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:646FEFDB4D82709E3056F5C71953783C
SHA256:7B83D8689750F64D31016F1E8AC2A4EB9D7DB406E4C9C66211D4ED17DEBFEAD9
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-walbinary
MD5:9BCFECB24CC8374D71F86358D9BC8F6B
SHA256:0687A2F555868C6715378E0BC8480691A74EE964D5822BA0C2DE9ED623C8D736
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.oldtext
MD5:B2E1E436F8C0098B209AB866ADCDDEC4
SHA256:6D137151132C6D0847E71AE0438348FB624F4AABFE26228B637153353A266035
3992msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datbinary
MD5:A6EBC0D32A7B9304824D19DB63B4E37A
SHA256:E991057C2B1718A151C5FD06E1C153F57130D195454A1F94C8C4C20971697093
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
476
DNS requests
164
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3104
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?763502f04087de8c
unknown
unknown
3104
iexplore.exe
GET
304
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7249b9b56ae9dc1f
unknown
unknown
2040
msedge.exe
GET
301
137.74.206.21:80
http://senego.com/
unknown
unknown
3104
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
unknown
1996
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6be87ee03a50525d
unknown
unknown
1996
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
unknown
1996
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0e9b980c0b89d37b
unknown
unknown
2636
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
unknown
1288
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
unknown
2380
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
3992
msedge.exe
239.255.255.250:1900
unknown
2040
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2040
msedge.exe
137.74.206.21:80
senego.com
OVH SAS
FR
unknown
2040
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2040
msedge.exe
137.74.206.21:443
senego.com
OVH SAS
FR
unknown
2040
msedge.exe
2.23.209.187:443
www.bing.com
Akamai International B.V.
GB
unknown
2040
msedge.exe
142.250.185.98:443
pagead2.googlesyndication.com
GOOGLE
US
shared

DNS requests

Domain
IP
Reputation
senego.com
  • 137.74.206.21
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
kawtef.com
  • 137.74.206.21
unknown
www.bing.com
  • 2.23.209.187
  • 2.23.209.140
  • 2.23.209.189
  • 2.23.209.176
  • 2.23.209.185
  • 2.23.209.149
  • 2.23.209.130
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.179
  • 2.23.209.148
  • 2.19.96.90
  • 2.19.96.82
  • 2.19.96.16
  • 2.19.96.35
  • 2.19.96.129
  • 2.19.96.130
  • 2.19.96.66
  • 2.19.96.88
  • 2.19.96.18
  • 2.23.209.177
  • 2.23.209.150
  • 2.23.209.161
whitelisted
www.facebook.com
  • 157.240.252.35
  • 157.240.253.35
whitelisted
www.instagram.com
  • 157.240.252.174
  • 157.240.0.174
whitelisted
www.linkedin.com
  • 13.107.42.14
whitelisted
x.com
  • 104.244.42.65
  • 104.244.42.1
  • 104.244.42.193
  • 104.244.42.129
unknown
pagead2.googlesyndication.com
  • 142.250.185.98
whitelisted

Threats

No threats detected
Process
Message
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
senego.com