URL:

https://windsurf.com/editor/auth-success?response_type=token&client_id=3GUryQ7ldAeKEuD2obYnppsnmj58eP5u&redirect_uri=windsurf%3A%2F%2Fcodeium.windsurf&state=dd26eba4-956a-445e-85e0-76ac7a058c50&prompt=login&redirect_parameters_type=fragment&workflow=onboarding&access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjcxMTE1MjM1YTZjNjE0NTRlZmRlZGM0NWE3N2U0MzUxMzY3ZWViZTAiLCJ0eXAiOiJKV1QifQ.eyJuYW1lIjoi0LjQstCw0L0g0LrQvtGH0L3QtdCyIiwicGljdHVyZSI6Imh0dHBzOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9hL0FDZzhvY0lMQXFjSVY2T2RiUS1rNVZrM05adzhzTU9pS0pScW5lMEVkMWlvWGV3R2ZQWkdfUVk9czk2LWMiLCJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vZXhhMi1mYjE3MCIsImF1ZCI6ImV4YTItZmIxNzAiLCJhdXRoX3RpbWUiOjE3NDQxMDE1MDIsInVzZXJfaWQiOiJKcFd0eERDR1A1TXgxRThRM3ZVQmZUZERzeGcxIiwic3ViIjoiSnBXdHhEQ0dQNU14MUU4UTN2VUJmVGREc3hnMSIsImlhdCI6MTc0NDEwMTUwNCwiZXhwIjoxNzQ0MTA1MTA0LCJlbWFpbCI6ImpvaG55d2Fsa2VyMTk5OEBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJnb29nbGUuY29tIjpbIjExNTI1NzM2MTY1MzUzNzE3MTgxNSJdLCJlbWFpbCI6WyJqb2hueXdhbGtlcjE5OThAZ21haWwuY29tIl19LCJzaWduX2luX3Byb3ZpZGVyIjoiZ29vZ2xlLmNvbSJ9fQ.pdtKRVip87UPSOZzCRcuZIvkho01-OhI9oOWAZVsz6uosN1Ls5bVr3CJtCVqUh-HopLBwEouVLwBQTLMEEXxeRaJB1UOebbrRikW7CNDaNZ1feg0gfLmLsdHDE1PrcORfAD5_riMSmJ6zzIDUvUNlgPcjYv8Mk17PSVYgmDCXWvf02eKcnHfREu0VC5YHJW-k6TwonAJfj-4OqEndAmfVN2yr--ZQq9_wH9_3gT2SOKA8v99hDPzGukvM_CRCD0-PEbWL_n3F4TbUmuc1E8Z51_eqrDDSCOSiSX0D1xyvky2Hanl_XFKIdNNrrLifp1alcYEemG93IoIXRO-IMOH6w&authType=signup

Full analysis: https://app.any.run/tasks/27c28992-a4b3-47e7-b2a6-00b88594d3fe
Verdict: Malicious activity
Analysis date: April 08, 2025, 08:45:17
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
Indicators:
MD5:

A758050479E248FBF08585ADF4288A64

SHA1:

36331400CB09039B2121C031EB94BA3A079B778C

SHA256:

FDCDA8F86647E76D73B005A0E7FF4DC754670A0328F8A80010EC8995D740701C

SSDEEP:

24:2PuXMgWbrGtpozRi0k2KRsMxQUn0536HanqYf5wsIZxrYDEQN048QFYdIw0eAbIq:RXh3ozpk2alxHgWYPIZxKJ8QHJeAcA+6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • WindsurfUserSetup-x64-1.6.3.exe (PID: 6252)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WindsurfUserSetup-x64-1.6.3.exe (PID: 6252)
      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Reads the Windows owner or organization settings

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Reads security settings of Internet Explorer

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Starts POWERSHELL.EXE for commands execution

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Kill processes via PowerShell

      • powershell.exe (PID: 7156)

    • Get information on the list of running processes

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Uses ICACLS.EXE to modify access control lists

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Process drops legitimate windows executable

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 5008)
      • WindsurfUserSetup-x64-1.6.3.exe (PID: 6252)
      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Reads the computer name

      • identity_helper.exe (PID: 5008)
      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5956)
      • msedge.exe (PID: 7872)

    • Autorun file from Downloads

      • msedge.exe (PID: 2236)

    • Reads Environment values

      • identity_helper.exe (PID: 5008)

    • Reads the software policy settings

      • slui.exe (PID: 5528)
      • slui.exe (PID: 7276)

    • Process checks computer location settings

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Create files in a temporary directory

      • WindsurfUserSetup-x64-1.6.3.exe (PID: 6252)
      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Detects InnoSetup installer (YARA)

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)
      • WindsurfUserSetup-x64-1.6.3.exe (PID: 6252)

    • Compiled with Borland Delphi (YARA)

      • WindsurfUserSetup-x64-1.6.3.exe (PID: 6252)
      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Creates files or folders in the user directory

      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Checks proxy server information

      • slui.exe (PID: 7276)

    • The sample compiled with english language support

      • msedge.exe (PID: 7872)
      • WindsurfUserSetup-x64-1.6.3.tmp (PID: 5964)

    • Application launched itself

      • msedge.exe (PID: 5956)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
206
Monitored processes
73
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windsurfusersetup-x64-1.6.3.exe msedge.exe no specs windsurfusersetup-x64-1.6.3.tmp slui.exe powershell.exe no specs conhost.exe no specs msedge.exe no specs icacls.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
236"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
456"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5452 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
456"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1508 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
744"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5932 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
780"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5608 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
812"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5216 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
900"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4680 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1184"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6120 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1240"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5256 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1596 --field-trial-handle=2404,i,13828976044364652285,15018850183122486268,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
14 962
Read events
14 933
Write events
29
Delete events
0

Modification events

(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(5956) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
465D46A8D6902F00
(PID) Process:(5956) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
F85656A8D6902F00
(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197212
Operation:writeName:WindowTabManagerFileMappingId
Value:
{10179063-93FC-4CDF-948C-4D8A06B3B96D}
(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197212
Operation:writeName:WindowTabManagerFileMappingId
Value:
{4A8B2350-6FB5-4C9B-93C4-36EDA8D85271}
(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197212
Operation:writeName:WindowTabManagerFileMappingId
Value:
{A710430B-33F8-44D8-A0AA-94ECE0D18524}
(PID) Process:(5956) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197212
Operation:writeName:WindowTabManagerFileMappingId
Value:
{701FD9F6-727D-4E94-B739-BEA717EBA0FA}
Executable files
66
Suspicious files
2 925
Text files
1 651
Unknown types
3

Dropped files

PID
Process
Filename
Type
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10c371.TMP
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10c371.TMP
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10c371.TMP
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10c371.TMP
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10c3a0.TMP
MD5:
SHA256:
5956msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
54
TCP/UDP connections
141
DNS requests
152
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.216.77.36:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
8120
SIHClient.exe
GET
200
2.19.217.218:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8120
SIHClient.exe
GET
200
2.19.217.218:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5956
msedge.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEC9iDp8tuIkyoxL%2BNRD3k54%3D
unknown
whitelisted
5956
msedge.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQxgVcNvGEc6k3cMc%2F61dwEft%2FHpwQUz30soJB6mB3dtl6FwuDaFXHS5V4CEDd0Q0%2BetA4iH5I2yh8vJxc%3D
unknown
whitelisted
5956
msedge.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ9o3URkkDosDKNU0YpWwIkGi4lMwQUGnSkONe5tg6zW%2FrcXq4%2FtvBzPYgCEDsZ4wyH5ydZqq0JRUqJBho%3D
unknown
whitelisted
5956
msedge.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEQDVs2ACiVmif4RlyeaxjbrL
unknown
whitelisted
7760
svchost.exe
HEAD
200
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1744653850&P2=404&P3=2&P4=LpgTHh5Yrvfq9lZrLqbBIw34F1ZWkk2s1gALyj%2bfEucJk9uFb%2bETcBYFqz6btD8I2BXhc5zK%2f%2boPDsG8aoOw6Q%3d%3d
unknown
whitelisted
7760
svchost.exe
GET
206
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1744653850&P2=404&P3=2&P4=LpgTHh5Yrvfq9lZrLqbBIw34F1ZWkk2s1gALyj%2bfEucJk9uFb%2bETcBYFqz6btD8I2BXhc5zK%2f%2boPDsG8aoOw6Q%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.216.77.36:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
7368
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5956
msedge.exe
239.255.255.250:1900
whitelisted
7368
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7368
msedge.exe
13.107.253.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7368
msedge.exe
76.76.21.21:443
windsurf.com
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.216.77.36
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.20
whitelisted
google.com
  • 142.250.186.142
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
windsurf.com
  • 76.76.21.21
unknown
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.248
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.50.131.74
  • 23.50.131.78
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://windsurf.com/editor/auth-success?response_type=token&client_id=3GUryQ7ldAeKEuD2obYnppsnmj58eP5u&redirect_uri=windsurf%3A%2F%2Fcodeium.windsurf&state=dd26eba4-956a-445e-85e0-76ac7a058c50&prompt=login&redirect_parameters_type=fragment&workflow=onboarding&access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjcxMTE1MjM1YTZjNjE0NTRlZmRlZGM0NWE3N2U0MzUxMzY3ZWViZTAiLCJ0eXAiOiJKV1QifQ.eyJuYW1lIjoi0LjQstCw0L0g0LrQvtGH0L3QtdCyIiwicGljdHVyZSI6Imh0dHBzOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9hL0FDZzhvY0lMQXFjSVY2T2RiUS1rNVZrM05adzhzTU9pS0pScW5lMEVkMWlvWGV3R2ZQWkdfUVk9czk2LWMiLCJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vZXhhMi1mYjE3MCIsImF1ZCI6ImV4YTItZmIxNzAiLCJhdXRoX3RpbWUiOjE3NDQxMDE1MDIsInVzZXJfaWQiOiJKcFd0eERDR1A1TXgxRThRM3ZVQmZUZERzeGcxIiwic3ViIjoiSnBXdHhEQ0dQNU14MUU4UTN2VUJmVGREc3hnMSIsImlhdCI6MTc0NDEwMTUwNCwiZXhwIjoxNzQ0MTA1MTA0LCJlbWFpbCI6ImpvaG55d2Fsa2VyMTk5OEBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJnb29nbGUuY29tIjpbIjExNTI1NzM2MTY1MzUzNzE3MTgxNSJdLCJlbWFpbCI6WyJqb2hueXdhbGtlcjE5OThAZ21haWwuY29tIl19LCJzaWduX2luX3Byb3ZpZGVyIjoiZ29vZ2xlLmNvbSJ9fQ.pdtKRVip87UPSOZzCRcuZIvkho01-OhI9oOWAZVsz6uosN1Ls5bVr3CJtCVqUh-HopLBwEouVLwBQTLMEEXxeRaJB1UOebbrRikW7CNDaNZ1feg0gfLmLsdHDE1PrcORfAD5_riMSmJ6zzIDUvUNlgPcjYv8Mk17PSVYgmDCXWvf02eKcnHfREu0VC5YHJW-k6TwonAJfj-4OqEndAmfVN2yr--ZQq9_wH9_3gT2SOKA8v99hDPzGukvM_CRCD0-PEbWL_n3F4TbUmuc1E8Z51_eqrDDSCOSiSX0D1xyvky2Hanl_XFKIdNNrrLifp1alcYEemG93IoIXRO-IMOH6w&authType=signup