File name: Combo Editor by xRisky.exe

Full analysis: https://app.any.run/tasks/df668ed3-8725-4183-9e82-c6d27cf1c309
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: January 12, 2025, 19:43:09
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
fileshare
arch-exec
pastebin
crypto-regex
adware
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (console) Intel 80386, for MS Windows, 5 sections
MD5: FF35B34E2659FD8A6B072ACF9CF9DE5C
SHA1: CB841EBBE0A7265B1861527BFFF77D33EC990955
SHA256: B6B5AFF27407147C206981227A1307FC9339A5093051BE75EF02F93032FBF342
SSDEEP: 3072:TFyS1avcFL4lJT2XzYVBL/UuN2K1QDlBzkZ0Y4DW89rsClBwxBM3RvQ2ciEYy4rP:p1a6c7IKz1QDlBzJY4a89AEL5zmq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Create files in the Startup directory

      • AntiPublic.exe (PID: 5972)
  • SUSPICIOUS

    • Node.exe was dropped

      • WinRAR.exe (PID: 2796)
    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2796)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 2796)
      • lib.cfg (PID: 5892)
    • Executable content was dropped or overwritten

      • AntiPublic.exe (PID: 5972)
      • data.bin (PID: 6664)
    • Starts application with an unusual extension

      • AntiPublic.exe (PID: 5972)
      • combolist generator BY X-KILLER.exe (PID: 6976)
    • Found regular expressions for crypto-addresses (YARA)

      • wscsvc.exe (PID: 5496)
    • Access to an unwanted program domain was detected

      • wupdater.exe (PID: 1476)
  • INFO

    • The sample compiled with english language support

      • Combo Editor by xRisky.exe (PID: 1412)
      • WinRAR.exe (PID: 2796)
      • AntiPublic.exe (PID: 5972)
      • msedge.exe (PID: 1488)
      • data.bin (PID: 6664)
    • Checks supported languages

      • Combo Editor by xRisky.exe (PID: 1412)
      • Combo Editor by xRisky.exe (PID: 5980)
      • Combo Editor by xRisky.exe (PID: 3080)
      • Combo Editor by xRisky.exe (PID: 2008)
      • Combo Editor by xRisky.exe (PID: 4672)
      • Combo Editor by xRisky.exe (PID: 3416)
      • Combo Editor by xRisky.exe (PID: 6384)
      • Combo Editor by xRisky.exe (PID: 6376)
      • Combo Editor by xRisky.exe (PID: 5916)
      • Combo Editor by xRisky.exe (PID: 4624)
      • identity_helper.exe (PID: 4516)
      • AntiPublic.exe (PID: 5972)
      • wscsvc.exe (PID: 5496)
      • lib.cfg (PID: 5892)
      • wupdater.exe (PID: 1476)
      • data.bin (PID: 6664)
      • combolist generator BY X-KILLER.exe (PID: 6976)
    • Manual execution by a user

      • Combo Editor by xRisky.exe (PID: 4672)
      • Combo Editor by xRisky.exe (PID: 5980)
      • Combo Editor by xRisky.exe (PID: 2008)
      • Combo Editor by xRisky.exe (PID: 3080)
      • Combo Editor by xRisky.exe (PID: 3416)
      • Combo Editor by xRisky.exe (PID: 6384)
      • Combo Editor by xRisky.exe (PID: 6376)
      • Combo Editor by xRisky.exe (PID: 5916)
      • Combo Editor by xRisky.exe (PID: 4624)
      • msedge.exe (PID: 7128)
    • Application launched itself

      • msedge.exe (PID: 7128)
    • The process uses the downloaded file

      • msedge.exe (PID: 6172)
      • msedge.exe (PID: 7128)
      • WinRAR.exe (PID: 2796)
      • lib.cfg (PID: 5892)
    • Reads the computer name

      • identity_helper.exe (PID: 4516)
      • lib.cfg (PID: 5892)
      • wupdater.exe (PID: 1476)
      • data.bin (PID: 6664)
    • Reads Environment values

      • identity_helper.exe (PID: 4516)
      • lib.cfg (PID: 5892)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 7128)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2796)
      • msedge.exe (PID: 1488)
    • Creates files or folders in the user directory

      • AntiPublic.exe (PID: 5972)
      • lib.cfg (PID: 5892)
      • data.bin (PID: 6664)
    • Reads the software policy settings

      • wupdater.exe (PID: 1476)
      • lib.cfg (PID: 5892)
    • Reads the machine GUID from the registry

      • lib.cfg (PID: 5892)
      • data.bin (PID: 6664)
    • Disables trace logs

      • lib.cfg (PID: 5892)
    • Checks proxy server information

      • lib.cfg (PID: 5892)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:12:25 19:38:24+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 162304
InitializedDataSize: 334336
UninitializedDataSize: -
EntryPoint: 0xe275
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
FileVersionNumber: 4.1.0.1
ProductVersionNumber: 4.1.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 4.1.0.1
LegalCopyright: 2024-2025. Unauthorized use is prohibited
No data.
All screenshots are available in the full report
Total processes: 216
Monitored processes: 85
Malicious processes: 5
Suspicious processes: 0


Process information

PID:
308
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1548 --field-trial-handle=2404,i,11542351947534499213,11602573199944279963,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
520
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6708 --field-trial-handle=2404,i,11542351947534499213,11602573199944279963,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
640
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4408 --field-trial-handle=2404,i,11542351947534499213,11602573199944279963,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
748
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
Combo Editor by xRisky.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1412
CMD:
"C:\Users\admin\AppData\Local\Temp\Combo Editor by xRisky.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Combo Editor by xRisky.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
4.1.0.1
Modules
Images
c:\users\admin\appdata\local\temp\combo editor by xrisky.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
PID:
1476
CMD:
C:\Users\admin\AppData\Local\\wupdater\\wupdater.exe M2t3uElUjRojF1ZbeHbkroWqdQMRCuH1CFmjiVsow53g57XCpiJIap9htwr699mE
Path:
C:\Users\admin\AppData\Local\wupdater\wupdater.exe
Parent process:
AntiPublic.exe
User:
admin
Integrity Level:
MEDIUM
Description:
wupdater
Version:
3.0.2.1
Modules
Images
c:\users\admin\appdata\local\wupdater\wupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\winhttp.dll
PID:
1488
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2404,i,11542351947534499213,11602573199944279963,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1544
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7664 --field-trial-handle=2404,i,11542351947534499213,11602573199944279963,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1920
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5496 --field-trial-handle=2404,i,11542351947534499213,11602573199944279963,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2008
CMD:
"C:\Users\admin\Desktop\Combo Editor by xRisky.exe"
Path:
C:\Users\admin\Desktop\Combo Editor by xRisky.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
4.1.0.1
Modules
Images
c:\users\admin\desktop\combo editor by xrisky.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\msvcrt.dll
Total events: 14 751
Read events: 14 618
Write events: 129
Delete events: 4

Modification events

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:
write
Name:
user_experience_metrics.stability.exited_cleanly
Value:
0

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
failed_count
Value:
0

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
2

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
1

(PID) Process:
(7128) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
8D5879D91D8A2F00

(PID) Process:
(7128) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
473E84D91D8A2F00

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\1049298
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{66B3AEB8-5FF8-4E90-A3EE-BA3A898FE150}

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\1049298
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{C84BAA6D-3AE5-467B-9571-BEC1BF464D9E}

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\1049298
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{C50D12AE-1232-4953-B2FE-2A9A0508348F}

(PID) Process:
(7128) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\1049298
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{5F0C5F08-CBE5-4044-B5E0-B9FBF6CC6B60}
Executable files: 335
Suspicious files: 751
Text files: 160
Unknown types: 0

Dropped files

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF152c3a.TMP

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF152c3a.TMP

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF152c49.TMP

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF152c49.TMP

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF152c59.TMP

PID:
7128
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
HTTP(S) requests: 47
TCP/UDP connections: 127
DNS requests: 151
Threats: 33

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.99:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
2380 | svchost.exe | GET | 200 | 2.16.164.99:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2380 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | unknown | - | - | whitelisted
3436 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
3436 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5064 | SearchApp.exe | 2.23.227.215:443 | www.bing.com | Ooredoo Q.S.C. | QA | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.99:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
2380 | svchost.exe | 2.16.164.99:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
2380 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2380 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 2.23.227.208:443 | www.bing.com | Ooredoo Q.S.C. | QA | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 2.23.227.215, 2.23.227.208, 2.21.65.132, 2.21.65.154 | whitelisted
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
crl.microsoft.com | 2.16.164.99, 2.16.164.43, 2.16.164.49, 2.16.164.18, 2.16.164.51, 2.16.164.9 | whitelisted
www.microsoft.com | 95.101.149.131, 2.23.246.101 | whitelisted
google.com | 142.250.185.238 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
login.live.com | 20.190.159.2, 20.190.159.23, 20.190.159.68, 20.190.159.71, 40.126.31.73, 20.190.159.0, 20.190.159.4, 40.126.31.69 | whitelisted
go.microsoft.com | 184.28.89.167, 2.23.242.9 | whitelisted
r.bing.com | 2.21.65.154, 2.21.65.132, 2.23.227.208, 2.23.227.215 | whitelisted
fp.msedge.net | 204.79.197.222 | whitelisted

Threats

PID | Process | Class | Message
7164 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
7164 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
7164 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
7164 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
7164 | msedge.exe | Misc activity | ET INFO File Sharing Related Domain in TLS SNI (gofile .io)
7164 | msedge.exe | Misc activity | ET INFO File Sharing Related Domain in TLS SNI (gofile .io)
7164 | msedge.exe | Potentially Bad Traffic | ET INFO Online File Storage Domain in DNS Lookup (gofile .io)
7164 | msedge.exe | Potentially Bad Traffic | ET INFO Online File Storage Domain in DNS Lookup (gofile .io)
7164 | msedge.exe | Potentially Bad Traffic | ET INFO Online File Storage Domain in DNS Lookup (gofile .io)
7164 | msedge.exe | Misc activity | ET INFO File Sharing Related Domain in TLS SNI (gofile .io)
2 ETPRO signatures available at the full report
No debug info