URL:

https://github.com/seuyh/stellaris-dlc-unlocker

Full analysis: https://app.any.run/tasks/5ae66884-39e1-44ac-a1af-577f57627e3c
Verdict: Malicious activity
Analysis date: December 23, 2024, 05:28:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
python
Indicators:
MD5:

7287623AE0A121E1C3423406FC519CD8

SHA1:

EB6AA0FCC3A8BDE5747F66C25148E769A2E19231

SHA256:

BE0491E442AD55EC99EE30DB24D923DD2FA3036465257B5E2385EF6203BE384C

SSDEEP:

3:N8tEdmAQcNN+K9:2uwKt9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 4764)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
      • Stellaris-DLC-Unlocker.exe (PID: 7320)
    • Executable content was dropped or overwritten

      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 4764)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
      • Stellaris-DLC-Unlocker.exe (PID: 7320)
    • Process drops python dynamic module

      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 4764)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
      • Stellaris-DLC-Unlocker.exe (PID: 7320)
    • The process drops C-runtime libraries

      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 4764)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
      • Stellaris-DLC-Unlocker.exe (PID: 7320)
    • Application launched itself

      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
      • Stellaris-DLC-Unlocker.exe (PID: 4764)
      • Stellaris-DLC-Unlocker.exe (PID: 7320)
    • Loads Python modules

      • Stellaris-DLC-Unlocker.exe (PID: 1468)
      • Stellaris-DLC-Unlocker.exe (PID: 7920)
      • Stellaris-DLC-Unlocker.exe (PID: 3436)
      • Stellaris-DLC-Unlocker.exe (PID: 7184)
      • Stellaris-DLC-Unlocker.exe (PID: 5872)
      • Stellaris-DLC-Unlocker.exe (PID: 7500)
    • Uses TASKKILL.EXE to kill process

      • Stellaris-DLC-Unlocker.exe (PID: 1468)
      • Stellaris-DLC-Unlocker.exe (PID: 7920)
      • Stellaris-DLC-Unlocker.exe (PID: 7184)
      • Stellaris-DLC-Unlocker.exe (PID: 5872)
      • Stellaris-DLC-Unlocker.exe (PID: 7500)
      • Stellaris-DLC-Unlocker.exe (PID: 3436)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 1544)
    • Reads Environment values

      • identity_helper.exe (PID: 8036)
    • Reads the computer name

      • identity_helper.exe (PID: 8036)
      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 7184)
      • Stellaris-DLC-Unlocker.exe (PID: 3436)
      • Stellaris-DLC-Unlocker.exe (PID: 5872)
      • Stellaris-DLC-Unlocker.exe (PID: 7500)
    • Checks supported languages

      • identity_helper.exe (PID: 8036)
      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
      • Stellaris-DLC-Unlocker.exe (PID: 1468)
      • Stellaris-DLC-Unlocker.exe (PID: 7920)
      • Stellaris-DLC-Unlocker.exe (PID: 5872)
    • The process uses the downloaded file

      • msedge.exe (PID: 7072)
      • msedge.exe (PID: 1544)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 1544)
    • Create files in a temporary directory

      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
      • Stellaris-DLC-Unlocker.exe (PID: 4764)
      • Stellaris-DLC-Unlocker.exe (PID: 7320)
    • The sample compiled with english language support

      • Stellaris-DLC-Unlocker.exe (PID: 6876)
      • Stellaris-DLC-Unlocker.exe (PID: 4764)
      • Stellaris-DLC-Unlocker.exe (PID: 5000)
      • Stellaris-DLC-Unlocker.exe (PID: 8084)
      • Stellaris-DLC-Unlocker.exe (PID: 7320)
      • Stellaris-DLC-Unlocker.exe (PID: 3540)
    • Sends debugging messages

      • Stellaris-DLC-Unlocker.exe (PID: 1468)
      • Stellaris-DLC-Unlocker.exe (PID: 7920)
      • Stellaris-DLC-Unlocker.exe (PID: 7184)
      • Stellaris-DLC-Unlocker.exe (PID: 7500)
      • Stellaris-DLC-Unlocker.exe (PID: 3436)
      • Stellaris-DLC-Unlocker.exe (PID: 5872)
    • Checks proxy server information

      • Stellaris-DLC-Unlocker.exe (PID: 1468)
      • Stellaris-DLC-Unlocker.exe (PID: 7920)
      • Stellaris-DLC-Unlocker.exe (PID: 3436)
      • Stellaris-DLC-Unlocker.exe (PID: 5872)
      • Stellaris-DLC-Unlocker.exe (PID: 7500)
      • Stellaris-DLC-Unlocker.exe (PID: 7184)
    • Manual execution by a user

      • Stellaris-DLC-Unlocker.exe (PID: 7320)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
228
Monitored processes
90
Malicious processes
7
Suspicious processes
0

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs stellaris-dlc-unlocker.exe no specs stellaris-dlc-unlocker.exe stellaris-dlc-unlocker.exe no specs stellaris-dlc-unlocker.exe stellaris-dlc-unlocker.exe no specs stellaris-dlc-unlocker.exe stellaris-dlc-unlocker.exe no specs stellaris-dlc-unlocker.exe no specs stellaris-dlc-unlocker.exe stellaris-dlc-unlocker.exe rundll32.exe no specs stellaris-dlc-unlocker.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs stellaris-dlc-unlocker.exe taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs msedge.exe no specs stellaris-dlc-unlocker.exe taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs msedge.exe no specs stellaris-dlc-unlocker.exe stellaris-dlc-unlocker.exe stellaris-dlc-unlocker.exe taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs msedge.exe no specs stellaris-dlc-unlocker.exe msedge.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
732
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5288 --field-trial-handle=2372,i,9969193898199627195,3071433251787098012,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1080
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1216
CMD:
taskkill /F /IM "Paradox Launcher.exe"
Path:
C:\Windows\System32\taskkill.exe
Parent process:
Stellaris-DLC-Unlocker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1228
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1468
CMD:
"C:\Users\admin\Downloads\Stellaris-DLC-Unlocker.exe"
Path:
C:\Users\admin\Downloads\Stellaris-DLC-Unlocker.exe
Parent process:
Stellaris-DLC-Unlocker.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\downloads\stellaris-dlc-unlocker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
1544
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://github.com/seuyh/stellaris-dlc-unlocker"
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1804
CMD:
"C:\Users\admin\Downloads\Stellaris-DLC-Unlocker.exe"
Path:
C:\Users\admin\Downloads\Stellaris-DLC-Unlocker.exe
Parent process:
msedge.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\downloads\stellaris-dlc-unlocker.exe
c:\windows\system32\ntdll.dll
PID:
1876
CMD:
taskkill /F /IM "Paradox Launcher.exe"
Path:
C:\Windows\System32\taskkill.exe
Parent process:
Stellaris-DLC-Unlocker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
2076
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2728
CMD:
taskkill /F /IM "Paradox Launcher.exe"
Path:
C:\Windows\System32\taskkill.exe
Parent process:
Stellaris-DLC-Unlocker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
9 205
Read events
9 166
Write events
39
Delete events
0

Modification events

(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
failed_count
Value:
0
(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
2
(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
1
(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:
write
Name:
user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:
(1544) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
0559888E7F882F00
(PID) Process:
(1544) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
4599928E7F882F00
(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328372
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{6EAEC90C-5282-4C76-9C67-89BB4E11928D}
(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328372
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{2A92381C-8BDE-4C7B-A42A-468B63D75BDE}
(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328372
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{626E860F-88CA-4081-8ECB-54DBCF9FFB00}
(PID) Process:
(1544) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328372
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{90CC28E6-79AB-418B-8B9B-E913240E5D27}
Executable files
730
Suspicious files
731
Text files
6 261
Unknown types
309

Dropped files

PID
Process
Filename
Type
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF13524a.TMP
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF13524a.TMP
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF13524a.TMP
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF13524a.TMP
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF135259.TMP
MD5:
SHA256:
PID:
1544
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
37
TCP/UDP connections
118
DNS requests
105
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7036
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7504
svchost.exe
HEAD
200
2.16.168.112:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735345433&P2=404&P3=2&P4=CvjedJDHQ8%2bCFZuupdWWIMZd%2fNzRDIGy3dxgRCYl5VfCU25D6CemyZB7qnaTzctbE1xzeF9yuRcEY88arPTc1g%3d%3d
unknown
whitelisted
4052
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4052
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7504
svchost.exe
GET
206
2.16.168.112:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735345433&P2=404&P3=2&P4=CvjedJDHQ8%2bCFZuupdWWIMZd%2fNzRDIGy3dxgRCYl5VfCU25D6CemyZB7qnaTzctbE1xzeF9yuRcEY88arPTc1g%3d%3d
unknown
whitelisted
7504
svchost.exe
GET
206
2.16.168.112:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735345433&P2=404&P3=2&P4=CvjedJDHQ8%2bCFZuupdWWIMZd%2fNzRDIGy3dxgRCYl5VfCU25D6CemyZB7qnaTzctbE1xzeF9yuRcEY88arPTc1g%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6072
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5064
SearchApp.exe
2.23.209.149:443
www.bing.com
Akamai International B.V.
GB
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1544
msedge.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.184.238
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.120
whitelisted
www.bing.com
  • 2.23.209.149
  • 2.23.209.179
  • 2.23.209.185
  • 2.23.209.130
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.189
  • 2.23.209.140
  • 2.23.209.182
  • 104.126.37.177
  • 104.126.37.123
  • 104.126.37.146
  • 104.126.37.136
  • 104.126.37.144
  • 104.126.37.178
  • 104.126.37.147
  • 104.126.37.145
  • 104.126.37.162
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
github.com
  • 140.82.121.4
  • 140.82.121.3
shared
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

PID
Process
Class
Message
6404
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
6404
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
6404
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
6404
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
2192
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Process
Message
Stellaris-DLC-Unlocker.exe
QFont::setPointSize: Point size <= 0 (-1), must be greater than 0
Stellaris-DLC-Unlocker.exe
QFont::setPointSize: Point size <= 0 (-1), must be greater than 0
Stellaris-DLC-Unlocker.exe
libpng warning: bKGD: invalid
Stellaris-DLC-Unlocker.exe
QFont::setPointSize: Point size <= 0 (-1), must be greater than 0
Stellaris-DLC-Unlocker.exe
QFont::setPointSize: Point size <= 0 (-1), must be greater than 0
Stellaris-DLC-Unlocker.exe
libpng warning: bKGD: invalid
Stellaris-DLC-Unlocker.exe
QFont::setPointSize: Point size <= 0 (-1), must be greater than 0
Stellaris-DLC-Unlocker.exe
QFont::setPointSize: Point size <= 0 (-1), must be greater than 0
Stellaris-DLC-Unlocker.exe
libpng warning: bKGD: invalid
Stellaris-DLC-Unlocker.exe
QFont::setPointSize: Point size <= 0 (-1), must be greater than 0