Analyzed object: /moeru-ai/airi/releases/tag/v0.7.2-beta.2 (GitHub release page; the full URL is recorded in the EXIF section below)

Full analysis: https://app.any.run/tasks/2af566a0-5557-430c-b3b1-af21c626d2b8
Verdict: Malicious activity
Threats:

Loader

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims' computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: August 25, 2025, 13:15:10
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
github
loader
arch-doc
Indicators:
MIME: text/html
File info: HTML document, Unicode text, UTF-8 text, with very long lines (3172)
MD5:

E075294570FF4BB0E0D86DA871F23889

SHA1:

D42F290FDDAFA30C9D309B4FB49EBA8032C1BBB0

SHA256:

DA019D1A80E4885E2BB9B8BD0C5152AF65088F1CEB2D4BC16918BF6E66B12B2F

SSDEEP:

6144:wy55uxbCL+0cqQSdV950ISqgicva1GotnvZJT3CqbMrhryf65NRPaCieMjAkvCJe:F55uxbCL+0cqQSdV950ISqgicva1GotR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 8036)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 6940)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 1040)
      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • msedgewebview2.exe (PID: 7604)
    • The process creates files with name similar to system file names

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
    • Searches for installed software

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • setup.exe (PID: 7884)
      • msedgewebview2.exe (PID: 7604)
    • Executable content was dropped or overwritten

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7612)
      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • MicrosoftEdge_X64_139.0.3405.111.exe (PID: 7204)
      • setup.exe (PID: 7884)
    • Process drops legitimate windows executable

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7612)
      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • MicrosoftEdge_X64_139.0.3405.111.exe (PID: 7204)
      • setup.exe (PID: 7884)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 7612)
      • MicrosoftEdgeUpdate.exe (PID: 8036)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8036)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 1864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7796)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7824)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8040)
    • There is functionality for taking screenshot (YARA)

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
    • Application launched itself

      • setup.exe (PID: 7884)
      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • msedgewebview2.exe (PID: 7604)
    • Creates a software uninstall entry

      • setup.exe (PID: 7884)
      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
  • INFO

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 2292)
    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 2292)
      • notepad.exe (PID: 8048)
    • Application launched itself

      • Acrobat.exe (PID: 4552)
      • AcroCEF.exe (PID: 6796)
      • msedge.exe (PID: 6808)
      • msedge.exe (PID: 6956)
    • Checks supported languages

      • ShellExperienceHost.exe (PID: 1040)
      • identity_helper.exe (PID: 7544)
      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • MicrosoftEdgeUpdate.exe (PID: 1864)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7612)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7796)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8040)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 1148)
      • MicrosoftEdgeUpdate.exe (PID: 5504)
      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • identity_helper.exe (PID: 8004)
      • MicrosoftEdge_X64_139.0.3405.111.exe (PID: 7204)
      • setup.exe (PID: 7884)
      • setup.exe (PID: 7908)
      • MicrosoftEdgeUpdateCore.exe (PID: 2280)
      • MicrosoftEdgeUpdate.exe (PID: 7564)
      • MicrosoftEdgeUpdate.exe (PID: 6356)
      • app.exe (PID: 5236)
      • msedgewebview2.exe (PID: 7604)
      • msedgewebview2.exe (PID: 8124)
      • msedgewebview2.exe (PID: 6940)
      • msedgewebview2.exe (PID: 7548)
      • msedgewebview2.exe (PID: 1180)
      • msedgewebview2.exe (PID: 7844)
      • msedgewebview2.exe (PID: 8180)
      • msedgewebview2.exe (PID: 7212)
      • msedgewebview2.exe (PID: 2532)
      • msedgewebview2.exe (PID: 2528)
      • msedgewebview2.exe (PID: 7656)
    • Reads the computer name

      • ShellExperienceHost.exe (PID: 1040)
      • identity_helper.exe (PID: 7544)
      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7796)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8040)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 1148)
      • MicrosoftEdgeUpdate.exe (PID: 5504)
      • MicrosoftEdgeUpdate.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • identity_helper.exe (PID: 8004)
      • MicrosoftEdge_X64_139.0.3405.111.exe (PID: 7204)
      • setup.exe (PID: 7884)
      • MicrosoftEdgeUpdateCore.exe (PID: 2280)
      • MicrosoftEdgeUpdate.exe (PID: 7564)
      • MicrosoftEdgeUpdate.exe (PID: 6356)
      • app.exe (PID: 5236)
      • msedgewebview2.exe (PID: 7604)
      • msedgewebview2.exe (PID: 6940)
      • msedgewebview2.exe (PID: 7548)
      • msedgewebview2.exe (PID: 7212)
      • msedgewebview2.exe (PID: 7656)
    • Manual execution by a user

      • msedge.exe (PID: 6808)
      • MicrosoftEdgeUpdateCore.exe (PID: 2280)
      • app.exe (PID: 5236)
      • notepad.exe (PID: 8048)
    • Reads Environment values

      • identity_helper.exe (PID: 7544)
      • MicrosoftEdgeUpdate.exe (PID: 1148)
      • identity_helper.exe (PID: 8004)
      • MicrosoftEdgeUpdate.exe (PID: 6356)
      • app.exe (PID: 5236)
      • msedgewebview2.exe (PID: 7604)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6808)
    • Create files in a temporary directory

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7612)
      • msedgewebview2.exe (PID: 7604)
    • Checks proxy server information

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • MicrosoftEdgeUpdate.exe (PID: 1148)
      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • slui.exe (PID: 8068)
      • MicrosoftEdgeUpdate.exe (PID: 6356)
      • msedgewebview2.exe (PID: 7604)
    • The sample compiled with english language support

      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7612)
      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • MicrosoftEdge_X64_139.0.3405.111.exe (PID: 7204)
      • setup.exe (PID: 7884)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • MicrosoftEdge_X64_139.0.3405.111.exe (PID: 7204)
      • setup.exe (PID: 7884)
      • setup.exe (PID: 7908)
      • AIRI_0.7.2-beta.2_windows_amd64-setup.exe (PID: 6900)
      • msedgewebview2.exe (PID: 7604)
      • msedgewebview2.exe (PID: 8124)
      • msedgewebview2.exe (PID: 7548)
      • msedgewebview2.exe (PID: 7656)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 8036)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 8036)
      • setup.exe (PID: 7884)
      • msedgewebview2.exe (PID: 7604)
      • msedgewebview2.exe (PID: 7844)
      • msedgewebview2.exe (PID: 8180)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 1148)
      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • slui.exe (PID: 8068)
      • MicrosoftEdgeUpdate.exe (PID: 6356)
      • app.exe (PID: 5236)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 8136)
      • msedgewebview2.exe (PID: 7604)
      • msedgewebview2.exe (PID: 7656)
    • Reads product name

      • app.exe (PID: 5236)
    • Reads CPU info

      • msedgewebview2.exe (PID: 7604)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

EXIF

HTML

Title: Release v0.7.2-beta.2 · moeru-ai/airi · GitHub
RoutePattern: /:user_id/:repository/releases/tag/*name
RouteController: releases
RouteAction: show
FetchNonce: v2:3ade863e-0918-3233-0f4f-ca106691ec6c
CurrentCatalogServiceHash: 6f13f31f798a93a6b08d3be0727120e9af35851fac7b9c620d6cf9a70068c136
RequestId: 22CC:1276:DE57FF8:BE7E767:68AC61DE
HtmlSafeNonce: 60aee5eaeca666b5d61cd19078b3441737f092c91c9d702faf2c9260f2bf43e6
VisitorPayload: eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiIyMkNDOjEyNzY6REU1N0ZGODpCRTdFNzY3OjY4QUM2MURFIiwidmlzaXRvcl9pZCI6IjgzNTQzNzY1NzEyNDExMjg0MTQiLCJyZWdpb25fZWRnZSI6ImZyYSIsInJlZ2lvbl9yZW5kZXIiOiJmcmEifQ==
VisitorHmac: 75171ed61f3a136eefa2bcd842b410c4de23785fcdd11ead77e890fdd37984ed
HovercardSubjectTag: repository:896924279
GithubKeyboardShortcuts: repository,copilot
GoogleSiteVerification: Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
OctolyticsUrl: https://collector.github.com/github/collect
AnalyticsLocation: /<user-name>/<repo-name>/releases/show
UserLogin: -
Viewport: width=device-width
Description: 💖🧸 Self hosted, you owned Grok Companion, a container of souls of waifu, cyber livings to bring them into our worlds, wishing to achieve Neuro-sama's altitude. Capable of realtime voice chat, Minecraft, Factorio playing. Web / macOS / Windows supported. - Release v0.7.2-beta.2 · moeru-ai/airi
AppleItunesApp: app-id=1477376905, app-argument=https://github.com/moeru-ai/airi/releases/tag/v0.7.2-beta.2
TwitterImage: https://opengraph.githubassets.com/cffcbaf03bfdc503caef50fd873265848566ae6e2de5681735f49a05c94c5696/moeru-ai/airi/releases/tag/v0.7.2-beta.2
TwitterSite: @github
TwitterCard: summary_large_image
TwitterTitle: Release v0.7.2-beta.2 · moeru-ai/airi
TwitterDescription: What&#39;s Changed 🚀 Features Spanish Language - by @dm94 in #372 (713ff) LM Studio Provider - by @dm94 in #380 (1b76f) Added debouncing for onboarding, fixed validation if the user i… - by @Misak...
TwitterCreator: ayakaneko
Hostname: github.com
ExpectedHostname: github.com
HTTPEquivXPjaxVersion: 077eeb9aea24ea9d9bd9d02b963bb187a2aadb7279441d00b67f245b17c29c10
HTTPEquivXPjaxCspVersion: 8fba9c9418de26103e6176951dd0c38780be21b972f2019085dee08622fdb843
HTTPEquivXPjaxCssVersion: a9611e86b7e2350c392af35df5bd245b9838034893684575ab1a7582b944d175
HTTPEquivXPjaxJsVersion: e9c750b784c06cb07cd04ddcb73e2ad1e5fa789b251523605307c6df42c38292
TurboCacheControl: no-preview
GoImport: github.com/moeru-ai/airi git https://github.com/moeru-ai/airi.git
OctolyticsDimensionUser_id: 165476306
OctolyticsDimensionUser_login: moeru-ai
OctolyticsDimensionRepository_id: 896924279
OctolyticsDimensionRepository_nwo: moeru-ai/airi
OctolyticsDimensionRepository_public:
OctolyticsDimensionRepository_is_fork: -
OctolyticsDimensionRepository_network_root_id: 896924279
OctolyticsDimensionRepository_network_root_nwo: moeru-ai/airi
TurboBodyClasses: logged-out env-production page-responsive
BrowserStatsUrl: https://api.github.com/_private/browser/stats
BrowserErrorsUrl: https://api.github.com/_private/browser/errors
Release: cb94c4bf54a1b62f3e7a6c5d80501965d1c2e3f7
UiTarget: full
ThemeColor: #1e2327
ColorScheme: light dark
All screenshots are available in the full report
Total processes: 235
Monitored processes: 86
Malicious processes: 7
Suspicious processes: 4

Behavior graph

Process launch sequence as drawn in the graph (an entry marked "no specs" has no indicators attached to it in the report):

start openwith.exe no specs acrobat.exe no specs acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs shellexperiencehost.exe no specs rundll32.exe no specs rundll32.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs airi_0.7.2-beta.2_windows_amd64-setup.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs microsoftedge_x64_139.0.3405.111.exe setup.exe setup.exe no specs microsoftedgeupdatecore.exe no specs microsoftedgeupdate.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgeupdate.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs app.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedgewebview2.exe no specs notepad.exe no specs msedge.exe no specs msedgewebview2.exe no specs msedge.exe no specs msedgewebview2.exe no specs

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID:
304
CMD:
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1628,i,5431217525293226303,4408974917620509870,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Path:
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Parent process:
AcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
516
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7864,i,3737763401239647245,1473557062344930435,262144 --variations-seed-version --mojo-platform-channel-handle=7548 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
856
CMD:
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1556 --field-trial-handle=1628,i,5431217525293226303,4408974917620509870,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
Path:
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Parent process:
AcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
984
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1260,i,16826616441791381525,11608785459278710675,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1040
CMD:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
Path:
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Shell Experience Host
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\dxgi.dll
PID:
1052
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2952,i,16826616441791381525,11608785459278710675,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1148
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNjUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MEM1RTdBQzctMDNFQi00REU1LTgyMjQtMTgyMzBCMjBENjA0fSIgdXNlcmlkPSJ7MEJBMDNGRUUtOUI2Ri00NEYzLTlBMjgtQ0E1MEU5OTQxRjhCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxOEQ0OTk0Qy0yNzU5LTQxRUMtQkZFNi03OTQ3REIyNTc5NUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS42NSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY5OTI1NTQyMDEiIGluc3RhbGxfdGltZV9tcz0iNTE0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.65
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
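The `/ping` argument on PID 1148 is an Omaha protocol request encoded as URL-safe base64 without padding; this is how Edge Update reports install and update events. Decoding it during triage shows what the binary under `AppData\Local\Microsoft\EdgeUpdate` actually sent (updater version, per-user versus per-machine scope, OS build, OEM strings, the appid being installed and the event type), which is more useful than leaving the process in the "unusual location" bucket. The decoder below is an added example written for this report, not code from ANY.RUN, Microsoft or the AIRI project. `PING` is the argument copied verbatim from the command line above; the parser is generic for any Omaha 3.0 request; the two event-type names it knows are the protocol's own (2 = install complete, 3 = update complete) and any other code is reported numerically rather than guessed.

```python
"""Decode and summarize the Omaha /ping request passed to MicrosoftEdgeUpdate.exe.

Added example for this report; not code from ANY.RUN, Microsoft or the AIRI
project. PING is the argument copied verbatim from the PID 1148 command line
in the report. The parser is generic for any Omaha protocol 3.0 request.
"""
import base64
import xml.etree.ElementTree as ET

# Copied from the report (PID 1148 command line), not constructed.
PING = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNjUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MEM1RTdBQzctMDNFQi00REU1LTgyMjQtMTgyMzBCMjBENjA0fSIgdXNlcmlkPSJ7MEJBMDNGRUUtOUI2Ri00NEYzLTlBMjgtQ0E1MEU5OTQxRjhCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxOEQ0OTk0Qy0yNzU5LTQxRUMtQkZFNi03OTQ3REIyNTc5NUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS42NSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY5OTI1NTQyMDEiIGluc3RhbGxfdGltZV9tcz0iNTE0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg"

# Omaha protocol v3 event types that matter for install triage; any other
# code is reported numerically rather than guessed.
EVENT_TYPES = {2: "install complete", 3: "update complete"}


def decode_ping(arg: str) -> bytes:
    """Omaha pings are URL-safe base64 without '=' padding; restore it and decode."""
    padded = arg + "=" * (-len(arg) % 4)
    return base64.urlsafe_b64decode(padded)


def parse_ping(arg: str) -> dict:
    """Parse a /ping argument into the fields an analyst wants to see."""
    root = ET.fromstring(decode_ping(arg))
    if root.tag != "request":
        raise ValueError(f"not an Omaha request, root element is <{root.tag}>")

    def attrs(tag: str) -> dict:
        el = root.find(tag)
        return dict(el.attrib) if el is not None else {}

    apps = []
    for app in root.findall("app"):
        events = []
        for ev in app.findall("event"):
            code = int(ev.get("eventtype", "-1"))
            events.append({
                "eventtype": code,
                "meaning": EVENT_TYPES.get(code, f"eventtype {code}"),
                "eventresult": ev.get("eventresult"),
                "errorcode": ev.get("errorcode"),
            })
        apps.append({
            "appid": app.get("appid"),
            "version": app.get("version"),
            "nextversion": app.get("nextversion"),
            "events": events,
        })

    return {
        "protocol": root.get("protocol"),
        "updater": root.get("updater"),
        "updaterversion": root.get("updaterversion"),
        # ismachine="0" is a per-user install, "1" a per-machine (system) install.
        "ismachine": root.get("ismachine"),
        "installsource": root.get("installsource"),
        "domainjoined": root.get("domainjoined"),
        "os": attrs("os"),
        "hw": attrs("hw"),
        "oem": attrs("oem"),
        "apps": apps,
    }


def summarize(arg: str) -> str:
    """One line per triage-relevant field, suitable for pasting into case notes."""
    info = parse_ping(arg)
    scope = "per-user" if info["ismachine"] == "0" else "per-machine"
    lines = [
        f"updater={info['updater']} {info['updaterversion']} ({scope}, "
        f"installsource={info['installsource']}, domainjoined={info['domainjoined']})",
        f"os={info['os'].get('platform')} {info['os'].get('version')} {info['os'].get('arch')}",
        f"oem={info['oem'].get('product_manufacturer')}/{info['oem'].get('product_name')}",
    ]
    for app in info["apps"]:
        for ev in app["events"]:
            lines.append(
                f"app {app['appid']} -> {app['nextversion'] or app['version']}: "
                f"{ev['meaning']} (result={ev['eventresult']}, errorcode={ev['errorcode']})"
            )
    return "\n".join(lines)


if __name__ == "__main__":
    print(decode_ping(PING).decode("utf-8"))
    print(summarize(PING))
```

Run against this ping the decoder reports updater Omaha 1.3.195.65 (matching the Version field above), ismachine=0 (a per-user install, which is consistent with the binary living under the user's AppData rather than Program Files), domainjoined=0, a DELL OEM string, an OS field of 10.0.19045.4046, and a single app, {F3C4FE00-EFD5-403B-9569-398A20F1BA4A}, with an eventtype=2 (install complete) event whose result is 1 and errorcode 0. The same decoder applies to the other MicrosoftEdgeUpdate.exe instances in the tree; a ping carrying an unexpected appid or a non-Omaha updater string is what would move this from expected WebView2 bootstrap telemetry to something worth pulling apart.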
PID:
1180
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.111\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ai.moeru.airi-tamagotchi\EBWebView" --webview-exe-name=app.exe --webview-exe-version=0.7.2-beta.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --force-high-res-timeticks=disabled --always-read-main-dll --metrics-shmem-handle=2364,i,563382095954389291,10680711003567498839,524288 --field-trial-handle=1892,i,8732308934445300801,4736428863804933499,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.111\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
139.0.3405.111
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.111\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.111\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1520
CMD:
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --first-renderer-process --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1628,i,5431217525293226303,4408974917620509870,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
Path:
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Parent process:
AcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
1704
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2248,i,16826616441791381525,11608785459278710675,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
30 364
Read events
28 426
Write events
1 842
Delete events
96

Modification events

(PID) Process: (2292) OpenWith.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\oregres.dll,-205
Value: Word
(PID) Process: (2292) OpenWith.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @wmploc.dll,-102
Value: Windows Media Player
(PID) Process: (4552) Acrobat.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-2034283098-2252572593-1072577386-2659511007-3245387615-27016815-3920691934
Operation: write
Name: DisplayName
Value: Adobe Acrobat Reader Protected Mode
(PID) Process: (2704) Acrobat.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\ExitSection
Operation: write
Name: bLastExitNormal
Value: 0
(PID) Process: (2704) Acrobat.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
Operation: write
Name: bSynchronizeOPL
Value: 0
(PID) Process: (2704) Acrobat.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral
Operation: write
Name: uLastAppLaunchTimeStamp
Value:
(PID) Process: (2704) Acrobat.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral
Operation: write
Name: iNumAcrobatLaunches
Value: 7
(PID) Process: (2704) Acrobat.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\HomeWelcomeFirstMile
Operation: write
Name: iCardCountShown
Value: 3
(PID) Process: (2704) Acrobat.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AdobeViewer
Operation: delete value
Name: ProductInfoCache
Value:
(PID) Process: (2704) Acrobat.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AdobeViewer
Operation: write
Name: EULAAcceptedForBrowser
Value: 1
Executable files
259
Suspicious files
915
Text files
180
Unknown types
0

Dropped files

PID: 2704
Process: Acrobat.exe
Filename: C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2704
Type: binary
MD5: 366B140BAFC863B7E366AA1E51604759
SHA256: CBC8B288DBD2C72432081CF33CEF431572A94C7FB89DBCD59973B99E3871814E
PID: 4552
Process: Acrobat.exe
Filename: C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst
Type: binary
MD5: 366B140BAFC863B7E366AA1E51604759
SHA256: CBC8B288DBD2C72432081CF33CEF431572A94C7FB89DBCD59973B99E3871814E
PID: 2704
Process: Acrobat.exe
Filename: C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
Type: binary
MD5: DC84B0D741E5BEAE8070013ADDCC8C28
SHA256: 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
PID: 2704
Process: Acrobat.exe
Filename: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.1.20093.6 2025-08-25 13-15-31-936.log
Type: text
MD5: 460C6041966002D8384A18C895A65EB0
SHA256: C83EC6E8FB3EC62481289C033238C1D9B08DB8076EAAD304099FD7A7F594F1B9
PID: 2704
Process: Acrobat.exe
Filename: C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Type: binary
MD5: 0A8A6606EA300843B55D1850F5A3BABB
SHA256: AD6F73BB12ADA15ECEC3BCC83ED6B2C82B0EA109872FBB8B645E97CB2A647F03
PID: 2704
Process: Acrobat.exe
Filename: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
Type: text
MD5: B3770011D1A22AF5675ED57FA3870105
SHA256: C41B062807C7A394725C4B85D7B8625A0662E097032E2DD741440063775F4326
PID: 6796
Process: AcroCEF.exe
Filename: C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF19093d.TMP
Type: text
MD5: 7383516745DEC1E86152192435F92D1F
SHA256: E22D34BBD915EEB277D4F4138D176EACE5577CF035EF7C2C80A4BC4D9B6C0E1D
PID: 2704
Process: Acrobat.exe
Filename: C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Type: binary
MD5: 5F762435EFB8F78753ADCEEC280751B9
SHA256: 836C8038A7DD274E50C69849EF6C502B76EA001B12D66AFBC80306143558E805
PID: 6796
Process: AcroCEF.exe
Filename: C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old
Type: text
MD5: 8412AEEF2309E13FC954061D9BCEFFF4
SHA256: D062D7B5DF5F3BCB753E97AB5D1DCD9CF62058D9103DA383DBE1F482FC1D4644
PID: 6796
Process: AcroCEF.exe
Filename: C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old
Type: text
MD5: EB1590F2607E1CE46DBF6A521F772EA0
SHA256: 4355D9A8A115BA4E41178B456A8A5578846EB1F7EC9509249C2405F758F31731
HTTP(S) requests
34
TCP/UDP connections
161
DNS requests
145
Threats
9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7472
svchost.exe
GET
206
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1756723747&P2=404&P3=2&P4=m9UONzWqfNK%2fpXtWHToOkR32wRgHUDkAS%2bJRIiU52PSh1c86rLTjkHqRw%2foNiEJXU3JdifKYt0FxJm%2b6f8onqA%3d%3d
unknown
whitelisted
7472
svchost.exe
HEAD
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1756723747&P2=404&P3=2&P4=m9UONzWqfNK%2fpXtWHToOkR32wRgHUDkAS%2bJRIiU52PSh1c86rLTjkHqRw%2foNiEJXU3JdifKYt0FxJm%2b6f8onqA%3d%3d
unknown
whitelisted
7472
svchost.exe
GET
206
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1756723747&P2=404&P3=2&P4=m9UONzWqfNK%2fpXtWHToOkR32wRgHUDkAS%2bJRIiU52PSh1c86rLTjkHqRw%2foNiEJXU3JdifKYt0FxJm%2b6f8onqA%3d%3d
unknown
whitelisted
7472
svchost.exe
HEAD
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1756720148&P2=404&P3=2&P4=Okbo%2bRb9DWTw9qrqXcLG0bCfVy9cBfPEORN65ki43Uh%2fOVAUS7Pw76OgVIauOdijF1J0LfN%2f4HnZh17WjsSDtQ%3d%3d
unknown
whitelisted
7472
svchost.exe
HEAD
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/22ea0ef8-01a0-4267-b34f-310128c69f2f?P1=1756494409&P2=404&P3=2&P4=MqoDgviFuJi9b8YMj8zF3W4%2bKHnGqCipvUcL3l%2feXP82sBII85OLC2LXIMDgShnurg3w37k0BjkbDlsKRzjjHw%3d%3d
unknown
whitelisted
7472
svchost.exe
GET
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1756720148&P2=404&P3=2&P4=Okbo%2bRb9DWTw9qrqXcLG0bCfVy9cBfPEORN65ki43Uh%2fOVAUS7Pw76OgVIauOdijF1J0LfN%2f4HnZh17WjsSDtQ%3d%3d
unknown
whitelisted
7472
svchost.exe
GET
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/22ea0ef8-01a0-4267-b34f-310128c69f2f?P1=1756494409&P2=404&P3=2&P4=MqoDgviFuJi9b8YMj8zF3W4%2bKHnGqCipvUcL3l%2feXP82sBII85OLC2LXIMDgShnurg3w37k0BjkbDlsKRzjjHw%3d%3d
unknown
whitelisted
7472
svchost.exe
GET
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/550117a4-8c0f-4d0d-8ff8-7c3caccb0e8a?P1=1756716548&P2=404&P3=2&P4=Jk71Gu8MJ6Xv8Q9VlM%2fopvWCybbQLCewKaf0%2b1Ni1YPEKC4I%2f%2fpu6xPXCSMLb3jSrT5sLUWzpcoVF7GsRBM3yw%3d%3d
unknown
whitelisted
7472
svchost.exe
HEAD
200
217.20.57.35:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/550117a4-8c0f-4d0d-8ff8-7c3caccb0e8a?P1=1756716548&P2=404&P3=2&P4=Jk71Gu8MJ6Xv8Q9VlM%2fopvWCybbQLCewKaf0%2b1Ni1YPEKC4I%2f%2fpu6xPXCSMLb3jSrT5sLUWzpcoVF7GsRBM3yw%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
188
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2460
svchost.exe
40.126.31.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2460
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.174
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
login.live.com
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
slscr.update.microsoft.com
  • 74.178.240.61
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
ntp.msn.com
  • 204.79.197.203
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access release user assets on GitHub
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Attached HTTP
Misc activity
ET INFO Packed Executable Download
Misc activity
ET INFO Packed Executable Download
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\ai.moeru.airi-tamagotchi directory exists )