URL:

https://get-genp.com/

Full analysis: https://app.any.run/tasks/48e94f52-9a15-42b0-8bca-97487716b6cb
Verdict: Malicious activity
Threats:

Crypto mining malware is a resource-intensive threat that infiltrates computers with the purpose of mining cryptocurrencies. This type of threat can be deployed either on an infected machine or a compromised website. In both cases the miner will utilize the computing power of the device and its network bandwidth.

Malware Trends Tracker     >>>
Analysis date: May 10, 2025, 13:18:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
adobegenp
crack
evasion
python
arch-scr
arch-doc
arch-exec
miner
xmrig
Indicators:
MD5:

ABDCB203445E6298EAC830C0FF2EBC48

SHA1:

89E7F357FD98DB9D9F27688C6D7888024EC6AC4C

SHA256:

F9B2A5B9AB317ABBFA296E74F40B227E9283A89DE4E1E6D7DBED30C2FDD3CAEA

SSDEEP:

3:N8hSLQG:2oLP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Uses Task Scheduler to autorun other applications

      • cmd.exe (PID: 7376)

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 8112)

    • Changes powershell execution policy (Bypass)

      • wscript.exe (PID: 7780)
      • AdobeGenP.exe (PID: 7532)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 8112)
      • powershell.exe (PID: 3192)
      • powershell.exe (PID: 7656)

    • Changes Windows Defender settings

      • python.exe (PID: 1096)

    • Vulnerable driver has been detected

      • tar.exe (PID: 7540)
      • python.exe (PID: 1096)

    • XMRIG has been detected

      • python.exe (PID: 1096)

    • MINER has been detected (SURICATA)

      • xmrig.exe (PID: 8040)

    • XMRig has been detected

      • xmrig.exe (PID: 8040)

    • Connects to the CnC server

      • xmrig.exe (PID: 8040)

    • Adds path to the Windows Defender exclusion list

      • python.exe (PID: 1096)

  • SUSPICIOUS

    • Write to the desktop.ini file (may be used to cloak folders)

      • WinRAR.exe (PID: 7892)

    • Process drops python dynamic module

      • tar.exe (PID: 7720)
      • tar.exe (PID: 4212)
      • tar.exe (PID: 960)

    • Executable content was dropped or overwritten

      • tar.exe (PID: 7720)
      • tar.exe (PID: 4212)
      • tar.exe (PID: 960)
      • tar.exe (PID: 7540)

    • The process drops C-runtime libraries

      • tar.exe (PID: 7720)
      • tar.exe (PID: 4212)

    • Process drops legitimate windows executable

      • tar.exe (PID: 7720)
      • tar.exe (PID: 4212)

    • Starts POWERSHELL.EXE for commands execution

      • wscript.exe (PID: 7780)
      • python.exe (PID: 1096)
      • AdobeGenP.exe (PID: 7532)

    • The process executes via Task Scheduler

      • wscript.exe (PID: 7780)

    • The process bypasses the loading of PowerShell profile settings

      • wscript.exe (PID: 7780)

    • ADOBEGENP mutex has been found

      • AdobeGenP.exe (PID: 7532)

    • Execution of CURL command

      • AdobeGenP.exe (PID: 7532)

    • Starts CMD.EXE for commands execution

      • AdobeGenP.exe (PID: 7532)
      • python.exe (PID: 1096)

    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 7780)

    • Checks for external IP

      • python.exe (PID: 1096)
      • svchost.exe (PID: 2196)

    • Start notepad (likely ransomware note)

      • AdobeGenP.exe (PID: 7532)

    • Script adds exclusion path to Windows Defender

      • python.exe (PID: 1096)

    • Potential Corporate Privacy Violation

      • xmrig.exe (PID: 8040)

    • Drops a system driver (possible attempt to evade defenses)

      • tar.exe (PID: 7540)

    • Connects to unusual port

      • xmrig.exe (PID: 8040)

    • Query Microsoft Defender preferences

      • python.exe (PID: 1096)

    • Removes files via Powershell

      • powershell.exe (PID: 3192)

    • Probably obfuscated PowerShell command line is found

      • AdobeGenP.exe (PID: 7532)

    • Found IP address in command line

      • powershell.exe (PID: 3192)
      • powershell.exe (PID: 7656)

    • Manipulates environment variables

      • powershell.exe (PID: 3192)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 6808)
      • msedge.exe (PID: 1568)
      • Acrobat.exe (PID: 7256)

    • Reads Environment values

      • identity_helper.exe (PID: 7900)
      • identity_helper.exe (PID: 7604)

    • Reads the computer name

      • identity_helper.exe (PID: 7900)
      • identity_helper.exe (PID: 7604)
      • curl.exe (PID: 7280)
      • AdobeGenP.exe (PID: 7532)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6808)

    • Checks supported languages

      • identity_helper.exe (PID: 7900)
      • identity_helper.exe (PID: 7604)
      • AdobeGenP.exe (PID: 7532)
      • curl.exe (PID: 7280)
      • tar.exe (PID: 7720)
      • python.exe (PID: 1096)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 7892)
      • tar.exe (PID: 7720)
      • tar.exe (PID: 4212)
      • tar.exe (PID: 960)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7892)

    • Manual execution by a user

      • AdobeGenP.exe (PID: 7456)
      • AdobeGenP.exe (PID: 7532)
      • Acrobat.exe (PID: 7256)

    • Reads mouse settings

      • AdobeGenP.exe (PID: 7532)

    • Creates a new folder

      • cmd.exe (PID: 4784)

    • Execution of CURL command

      • cmd.exe (PID: 7216)

    • Python executable

      • python.exe (PID: 1096)

    • Checks operating system version

      • python.exe (PID: 1096)

    • The sample compiled with japanese language support

      • tar.exe (PID: 7540)
      • python.exe (PID: 1096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
234
Monitored processes
101
Malicious processes
6
Suspicious processes
4

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs adobegenp.exe no specs adobegenp.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs curl.exe cmd.exe no specs conhost.exe no specs tar.exe cmd.exe conhost.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs wscript.exe no specs powershell.exe no specs conhost.exe no specs #XMRIG python.exe svchost.exe cmd.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs tar.exe cmd.exe no specs tar.exe slui.exe notepad.exe no specs msedge.exe no specs msedge.exe no specs powershell.exe no specs powershell.exe no specs powershell.exe no specs msedge.exe no specs cmd.exe no specs THREAT tar.exe #MINER xmrig.exe msedge.exe no specs powershell.exe no specs conhost.exe no specs powershell.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs acrobat.exe no specs acrobat.exe no specs powershell.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x1c0,0x1e0,0x298,0x1e4,0x2a0,0x7ffc88225fd8,0x7ffc88225fe4,0x7ffc88225ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
780"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
904"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6652 --field-trial-handle=2356,i,10192358573623739259,11552641864673109238,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
960tar -xf nig.zipC:\Windows\System32\tar.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
bsdtar archive tool
Version:
3.5.2 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\archiveint.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
1096"C:\Windows\SystemHealth\Update\python.exe" .\SysMon.pyC:\Windows\SystemHealth\Update\python.exe
powershell.exe
User:
admin
Company:
Python Software Foundation
Integrity Level:
HIGH
Description:
Python
Version:
3.11.0
Modules
Images
c:\windows\systemhealth\update\python.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\systemhealth\update\vcruntime140.dll
c:\windows\systemhealth\update\python311.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
1388"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1640 --field-trial-handle=2232,i,7435471158569699540,12476152952066708911,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1568"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-windowC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1628C:\WINDOWS\system32\cmd.exe /c tar -xf getthem.zipC:\Windows\System32\cmd.exepython.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
1672"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6100 --field-trial-handle=2356,i,10192358573623739259,11552641864673109238,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1760"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6388 --field-trial-handle=2356,i,10192358573623739259,11552641864673109238,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
Total events
51 980
Read events
51 778
Write events
181
Delete events
21

Modification events

(PID) Process:(6808) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
E1D5DB355E932F00
(PID) Process:(6808) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
6AB3E3355E932F00
(PID) Process:(6808) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328466
Operation:writeName:WindowTabManagerFileMappingId
Value:
{B3ABC5D0-CA7B-4B00-B5E0-94E535887756}
(PID) Process:(6808) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328466
Operation:writeName:WindowTabManagerFileMappingId
Value:
{E083F31D-9A80-424A-85A6-79837F806446}
(PID) Process:(6808) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(6808) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(6808) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(6808) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(6808) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328466
Operation:writeName:WindowTabManagerFileMappingId
Value:
{833928CC-C48F-448F-979E-5EAA8CC8B5D7}
(PID) Process:(6808) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
D10C3F365E932F00
Executable files
218
Suspicious files
1 767
Text files
1 905
Unknown types
0

Dropped files

PID
Process
Filename
Type
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10ba3a.TMP
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10ba49.TMP
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10ba49.TMP
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10ba49.TMP
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10ba59.TMP
MD5:
SHA256:
6808msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
78
DNS requests
4 486
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5344
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7280
curl.exe
GET
200
172.67.206.1:8080
http://micro-economics.net:8080/downloadables/Update.zip
unknown
unknown
5344
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7236
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0bff3331-8429-4575-9b2b-a689321198ed?P1=1747389042&P2=404&P3=2&P4=ls%2bJJ%2boSOFVp2O4D2WnQIXdskCt4B2G7avSrwTrtySSTO2XUfmrd3hc4MkpDt9x9OpZpsWHIwRnkvXIYxELTXg%3d%3d
unknown
whitelisted
7236
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0bff3331-8429-4575-9b2b-a689321198ed?P1=1747389042&P2=404&P3=2&P4=ls%2bJJ%2boSOFVp2O4D2WnQIXdskCt4B2G7avSrwTrtySSTO2XUfmrd3hc4MkpDt9x9OpZpsWHIwRnkvXIYxELTXg%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.16.164.120:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
2.16.164.120:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
6808
msedge.exe
239.255.255.250:1900
whitelisted
7320
msedge.exe
104.21.48.1:443
get-genp.com
unknown
7320
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 184.30.21.171
whitelisted
google.com
  • 172.217.16.206
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
get-genp.com
  • 104.21.48.1
  • 104.21.96.1
  • 104.21.80.1
  • 104.21.112.1
  • 104.21.64.1
  • 104.21.32.1
  • 104.21.16.1
unknown
business.bing.com
  • 13.107.6.158
whitelisted
www.bing.com
  • 2.16.241.205
  • 2.16.241.201
  • 2.16.241.218
whitelisted

Threats

PID
Process
Class
Message
7320
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
7320
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
1096
python.exe
Device Retrieving External IP Address Detected
ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
2196
svchost.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
1096
python.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
8040
xmrig.exe
Potential Corporate Privacy Violation
ET INFO Cryptocurrency Miner Checkin
8040
xmrig.exe
Potential Corporate Privacy Violation
ET INFO Cryptocurrency Miner Checkin
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://get-genp.com/