File name:

ArcadeEditor64.exe

Full analysis: https://app.any.run/tasks/27588ddb-2dd8-41de-a39b-9da9745bad95
Verdict: Malicious activity
Analysis date: June 21, 2025, 18:26:19
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections
MD5:

5E69173352DEDAD35C8CEA6774CE26BA

SHA1:

EF3C662BD5A8D2920DF58A428F9658DA66A1637F

SHA256:

BAC45911848FDE4C59D8DE6EFDB76FFF445443EDC79B8187E2C877B8410A961A

SSDEEP:

384:DaMaEyy+dCZ63I8a5ZyZVkcXdB4ldRTGplfNPVkcNdBvldRTGplf62RQmmvNul:OzY3fpGpF9fpGpFnRavAl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • ArcadeEditor64.exe (PID: 2044)

  • SUSPICIOUS

    • Executes application which crashes

      • ArcadeEditor64.exe (PID: 2044)

  • INFO

    • Reads the machine GUID from the registry

      • ArcadeEditor64.exe (PID: 2044)

    • Checks proxy server information

      • WerFault.exe (PID: 4520)
      • slui.exe (PID: 5628)

    • Checks supported languages

      • ArcadeEditor64.exe (PID: 2044)

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 4520)

    • Reads the computer name

      • ArcadeEditor64.exe (PID: 2044)

    • Reads the software policy settings

      • slui.exe (PID: 5628)
      • WerFault.exe (PID: 4520)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2018:09:06 15:08:51+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 48
CodeSize: 25088
InitializedDataSize: 20992
UninitializedDataSize: -
EntryPoint: 0x0000
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Ubisoft
FileDescription: Far Cry® 5 Arcade Editor
FileVersion: 1.0.0.0
InternalName: ArcadeEditor64.exe
LegalCopyright: Copyright © Ubisoft 2017
LegalTrademarks: -
OriginalFileName: ArcadeEditor64.exe
ProductName: Far Cry® 5 Arcade Editor
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
138
Monitored processes
3
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start arcadeeditor64.exe werfault.exe slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
2044"C:\Users\admin\Desktop\ArcadeEditor64.exe" C:\Users\admin\Desktop\ArcadeEditor64.exe
explorer.exe
User:
admin
Company:
Ubisoft
Integrity Level:
MEDIUM
Description:
Far Cry® 5 Arcade Editor
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\arcadeeditor64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
4520C:\WINDOWS\system32\WerFault.exe -u -p 2044 -s 1012C:\Windows\System32\WerFault.exe
ArcadeEditor64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
5628C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
10 002
Read events
10 002
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
1
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
4520WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ArcadeEditor64.e_1a36b87ed69e695b693c463574c6ead98c22c2_99bec2b7_1b9c1f64-0d77-491f-a1fc-13b0829a34a8\Report.wer
MD5:
SHA256:
4520WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\ArcadeEditor64.exe.2044.dmp
MD5:
SHA256:
4520WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER70AC.tmp.WERInternalMetadata.xmlxml
MD5:E7249F88D1A5D220CE27FDF073927857
SHA256:2A3CA96A9B71FC4599BFE7BEB5769BD6B1006AEEF14F810640868119031EDF1F
4520WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER6EF6.tmp.dmpbinary
MD5:43804A84416B2641BBB080A24F4F94F3
SHA256:CC2E58D25BA1191C3C3B987A7C63FBF40AD4C547C59458B808674005BEFB29EF
4520WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER70DC.tmp.xmlxml
MD5:5463E5207EDA0850C8BE9438DCBFE981
SHA256:1D89375C81114061EBB2DD1B39374ED1A5C045BCAC069F259DBE7227F710FAA4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
43
DNS requests
21
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
184.24.77.41:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
184.24.77.41:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3800
RUXIMICS.exe
GET
200
184.24.77.41:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3800
RUXIMICS.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
200
40.126.32.68:443
https://login.live.com/RST2.srf
unknown
xml
1.24 Kb
whitelisted
POST
200
20.190.160.14:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
16.7 Kb
whitelisted
POST
200
20.190.160.14:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
POST
200
20.190.160.128:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3800
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
184.24.77.41:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
184.24.77.41:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3800
RUXIMICS.exe
184.24.77.41:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1268
svchost.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 184.24.77.41
  • 184.24.77.38
  • 184.24.77.9
  • 184.24.77.42
  • 184.24.77.34
  • 184.24.77.40
  • 184.24.77.16
  • 184.24.77.13
  • 184.24.77.15
  • 23.55.104.172
  • 23.55.104.190
whitelisted
www.microsoft.com
  • 2.23.181.156
  • 2.23.246.101
whitelisted
watson.events.data.microsoft.com
  • 20.189.173.20
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.4
  • 20.190.160.131
  • 20.190.160.65
  • 20.190.160.130
  • 20.190.160.5
  • 40.126.32.74
  • 40.126.32.133
  • 40.126.32.138
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.48
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
ArcadeEditor64.exe