URL: https://www.upload.ee/files/15894811/Checkers_PACK.rar.html

Full analysis: https://app.any.run/tasks/8c1f0a0f-2189-4e6b-acf4-2f76e5dba4ff
Verdict: Malicious activity
Analysis date: May 17, 2024, 21:50:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 1829304EE5431615B54F3773EDF575F2
SHA1: 24A263D5B6473CB4703C0DD4D7FE307D80BE96B8
SHA256: F46351A01D18FB510A79080FF4C239A199272CF7E07AA19D968D5465E8BC2AC4
SSDEEP: 3:N8DSLr7MJmUIgdUTmH1szn:2OLr08gdUTmOzn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Adds path to the Windows Defender exclusion list

      • Launcher.exe (PID: 2516)
    • Actions looks like stealing of personal data

      • WinRAR.exe (PID: 2904)
    • Create files in the Startup directory

      • Launcher.exe (PID: 2516)
    • Changes the autorun value in the registry

      • Launcher.exe (PID: 2516)
    • Drops the executable file immediately after the start

      • Launcher.exe (PID: 2516)
  • SUSPICIOUS

    • Write to the desktop.ini file (may be used to cloak folders)

      • WinRAR.exe (PID: 2904)
      • WinRAR.exe (PID: 3268)
    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 2904)
    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 2904)
      • Launcher.exe (PID: 2516)
    • Reads security settings of Internet Explorer

      • LeagueOfLegendsAccountChecker.exe (PID: 3432)
      • Windows Services.exe (PID: 3168)
      • Launcher.exe (PID: 2516)
    • Reads the Internet Settings

      • LeagueOfLegendsAccountChecker.exe (PID: 3432)
      • Launcher.exe (PID: 2516)
      • powershell.exe (PID: 2628)
      • Windows Services.exe (PID: 3168)
      • cleaned.exe (PID: 2484)
      • cleaned.exe (PID: 308)
    • Script adds exclusion path to Windows Defender

      • Launcher.exe (PID: 2516)
    • Starts POWERSHELL.EXE for commands execution

      • Launcher.exe (PID: 2516)
    • Using PowerShell to operate with local accounts

      • powershell.exe (PID: 2628)
    • Executable content was dropped or overwritten

      • Launcher.exe (PID: 2516)
    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2904)
    • Reads settings of System Certificates

      • cleaned.exe (PID: 2484)
      • cleaned.exe (PID: 308)
    • Adds/modifies Windows certificates

      • cleaned.exe (PID: 2484)
  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1796)
      • WinRAR.exe (PID: 2904)
      • explorer.exe (PID: 3804)
      • WinRAR.exe (PID: 3268)
      • LeagueOfLegendsAccountChecker.exe (PID: 3432)
      • cleaned.exe (PID: 308)
      • rundll32.exe (PID: 1604)
    • Reads the computer name

      • wmpnscfg.exe (PID: 1796)
      • LeagueOfLegendsAccountChecker.exe (PID: 3432)
      • Launcher.exe (PID: 2516)
      • cleaned.exe (PID: 2484)
      • Windows Services.exe (PID: 3168)
      • Secure System Shell.exe (PID: 1696)
      • cleaned.exe (PID: 308)
    • The process uses the downloaded file

      • msedge.exe (PID: 2680)
      • WinRAR.exe (PID: 3268)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2904)
      • WinRAR.exe (PID: 3268)
    • Checks supported languages

      • wmpnscfg.exe (PID: 1796)
      • LeagueOfLegendsAccountChecker.exe (PID: 3432)
      • Launcher.exe (PID: 2516)
      • Windows Services.exe (PID: 3168)
      • Secure System Shell.exe (PID: 1696)
      • Runtime Explorer.exe (PID: 1928)
      • Runtime Explorer.exe (PID: 2660)
      • cleaned.exe (PID: 308)
      • cleaned.exe (PID: 2484)
      • Runtime Explorer.exe (PID: 2092)
      • Runtime Explorer.exe (PID: 2428)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3984)
      • WinRAR.exe (PID: 3268)
      • WinRAR.exe (PID: 2904)
    • Application launched itself

      • msedge.exe (PID: 3984)
    • Reads the machine GUID from the registry

      • Launcher.exe (PID: 2516)
      • LeagueOfLegendsAccountChecker.exe (PID: 3432)
      • cleaned.exe (PID: 2484)
      • Windows Services.exe (PID: 3168)
      • Secure System Shell.exe (PID: 1696)
      • cleaned.exe (PID: 308)
      • Runtime Explorer.exe (PID: 2660)
      • Runtime Explorer.exe (PID: 2092)
      • Runtime Explorer.exe (PID: 2428)
      • Runtime Explorer.exe (PID: 1928)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2628)
    • Creates files or folders in the user directory

      • Launcher.exe (PID: 2516)
    • Disables trace logs

      • cleaned.exe (PID: 2484)
      • cleaned.exe (PID: 308)
    • Reads the software policy settings

      • cleaned.exe (PID: 2484)
      • cleaned.exe (PID: 308)
    • Create files in a temporary directory

      • Runtime Explorer.exe (PID: 2660)
      • Runtime Explorer.exe (PID: 2092)
      • Runtime Explorer.exe (PID: 2428)
      • Runtime Explorer.exe (PID: 1928)
    • Reads Environment values

      • cleaned.exe (PID: 308)
      • cleaned.exe (PID: 2484)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 108
Monitored processes: 56
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe explorer.exe no specs winrar.exe leagueoflegendsaccountchecker.exe no specs launcher.exe powershell.exe no specs cleaned.exe windows services.exe no specs secure system shell.exe no specs runtime explorer.exe no specs runtime explorer.exe no specs cleaned.exe rundll32.exe no specs runtime explorer.exe no specs runtime explorer.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 308
CMD: "C:\Users\admin\Desktop\Checkers PACK\Checkers PACK\LOL Checker by AC - Cleaned\Data\cleaned.exe"
Path: C:\Users\admin\Desktop\Checkers PACK\Checkers PACK\LOL Checker by AC - Cleaned\Data\cleaned.exe
Parent process: explorer.exe
User: admin
Company: FiftyThreeCorp
Integrity Level: MEDIUM
Description: LeagueOfLegendsAccountChecker-v1
Version: 1.0.0
Modules
Images
c:\users\admin\desktop\checkers pack\checkers pack\lol checker by ac - cleaned\data\cleaned.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 524
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 920
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4216 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1012
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1056
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2224 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1240
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3404 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1244
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4144 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3752 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1548
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1604 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3756 --field-trial-handle=1284,i,14543966996782522405,347928260081982011,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 30 340
Read events: 30 147
Write events: 176
Delete events: 17

Modification events

PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: failed_count | Value: 0
PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: state | Value: 2
PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | Operation: write | Name: StatusCodes | Value:
PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | Operation: write | Name: StatusCodes | Value: 01000000
PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: state | Value: 1
PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | Operation: write | Name: dr | Value: 1
PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics | Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 0
PID: 3984 | Process: msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | Operation: write | Name: S-1-5-21-1302019708-1500728564-335382590-1000 | Value: 37846EA043772F00
PID: 3984 | Process: msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault | Operation: delete value | Name: S-1-5-21-1302019708-1500728564-335382590-1000 | Value:
PID: 3984 | Process: msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge | Operation: write | Name: UsageStatsInSample | Value: 1
Executable files: 1 094
Suspicious files: 304
Text files: 520
Unknown types: 4

Dropped files

PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State | MD5: | SHA256:
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF103a3c.TMP | MD5: | SHA256:
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | MD5: | SHA256:
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF103a7a.TMP | MD5: | SHA256:
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | MD5: | SHA256:
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF103b65.TMP | MD5: | SHA256:
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | MD5: | SHA256:
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version | Type: text | MD5: 61FE7896F9494DCDF53480A325F4FB85 | SHA256: ACFD3CD36E0DFCF1DCB67C7F31F2A5B9BA0815528A0C604D4330DFAA9E683E51
PID: 4008 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma~RF102ffb.TMP | Type: binary | MD5: 886E82F2CA62ECCCE64601B30592078A | SHA256: E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E
PID: 3984 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old~RF103c40.TMP | Type: text | MD5: C2F5F0CF3799AE7C49D5998928742D2B | SHA256: 9A3A3979C14C0FE3187A2054464DB6F42D9C27ACBC6E1863EE24BAEB1A084985
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 83
DNS requests: 166
Threats: 0

HTTP requests

No HTTP requests

Connections

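PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 1088 | Process: svchost.exe | IP: 224.0.0.252:5355 | Reputation: unknown
PID: 3984 | Process: msedge.exe | IP: 239.255.255.250:1900 | Reputation: unknown
PID: 2036 | Process: msedge.exe | IP: 13.107.42.16:443 | Domain: config.edge.skype.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 2036 | Process: msedge.exe | IP: 204.79.197.239:443 | Domain: edge.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: unknown
PID: 2036 | Process: msedge.exe | IP: 51.91.30.159:443 | Domain: www.upload.ee | ASN: OVH SAS | CN: FR | Reputation: unknown
PID: 2036 | Process: msedge.exe | IP: 18.239.38.8:443 | Domain: du0pud0sdlmzf.cloudfront.net | CN: US | Reputation: unknown
PID: 2036 | Process: msedge.exe | IP: 142.250.181.232:443 | Domain: www.googletagmanager.com | ASN: GOOGLE | CN: US | Reputation: unknown
PID: 2036 | Process: msedge.exe | IP: 172.217.16.130:443 | Domain: pagead2.googlesyndication.com | ASN: GOOGLE | CN: US | Reputation: whitelisted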

DNS requests

Domain: config.edge.skype.com | IP: 13.107.42.16 | Reputation: whitelisted
Domain: www.upload.ee | IP: 51.91.30.159 | Reputation: whitelisted
Domain: edge.microsoft.com | IP: 204.79.197.239, 13.107.21.239 | Reputation: whitelisted
Domain: s7.addthis.com | IP: 23.215.20.4 | Reputation: whitelisted
Domain: du0pud0sdlmzf.cloudfront.net | IP: 18.239.38.8, 18.239.38.115, 18.239.38.123, 18.239.38.128 | Reputation: unknown
Domain: www.googletagmanager.com | IP: 142.250.181.232 | Reputation: whitelisted
Domain: pagead2.googlesyndication.com | IP: 172.217.16.130 | Reputation: whitelisted
Domain: googleads.g.doubleclick.net | IP: 142.250.186.130 | Reputation: whitelisted
Domain: www.bing.com | IP: 2.23.209.130, 2.23.209.133, 2.23.209.182, 2.23.209.179, 2.23.209.140, 2.23.209.187, 2.19.96.120, 2.19.96.83, 2.19.96.90, 2.19.96.66, 2.19.96.107, 2.19.96.82, 2.19.96.91 | Reputation: whitelisted
Domain: releaseavailandpr.info | IP: 18.239.94.101, 18.239.94.46, 18.239.94.73, 18.239.94.123 | Reputation: unknown

Threats

No threats detected
No debug info