File name:

toolwiz-time-freeze-3-2-0-2000-multi-win.exe

Full analysis: https://app.any.run/tasks/98c88661-ceff-4fb4-90a9-57daf17d6e56
Verdict: Malicious activity
Analysis date: August 10, 2023, 02:52:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
installer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

88F4F2132DD677C69C52C6B6BA2E0741

SHA1:

DB6CB2436993FAE2E9951C6D7B4D5F7999644B54

SHA256:

060A48A670E554B163CBE18931D41A1EF395C903F5AD9859AA42D766E5CA542B

SSDEEP:

24576:qPqvmF8A/lHcn0ZbNILp3T53120vFP8W5AbbsdJ/E45sKwLWWMtygLXhtTQXaWcv:qS4hP+L5T531ksTYg7PTKaWQbEA+dVm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Creates a writable file the system directory

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

    • Reads the Internet Settings

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

    • Creates files in the driver directory

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

    • Executable content was dropped or overwritten

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

  • INFO

    • Create files in a temporary directory

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

    • The process checks LSA protection

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

    • Creates files in the program directory

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

    • Reads the computer name

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)

    • Application launched itself

      • msedge.exe (PID: 2964)
      • msedge.exe (PID: 3804)

    • Manual execution by a user

      • msedge.exe (PID: 3804)

    • Checks supported languages

      • toolwiz-time-freeze-3-2-0-2000-multi-win.exe (PID: 3320)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (53.2)
.exe | Win32 Executable Delphi generic (17.5)
.scr | Windows screen saver (16.1)
.exe | Win32 Executable (generic) (5.5)
.exe | Win16/32 Executable Delphi generic (2.5)

EXIF

EXE

Comments: Toolwiz TimeFreeze 2016
ProductVersion: Toolwiz TimeFreeze 2016
ProductName: Toolwiz TimeFreeze 2016
OriginalFileName: Setup.exe
LegalTrademarks: Toolwiz.com
LegalCopyright: Copyright (c) 2012-2016 by Toolwiz.com
InternalName: Setup.exe
FileVersion: 3.2.0.2000
FileDescription: Toolwiz TimeFreeze 2016
CompanyName: Toolwiz
CharacterSet: Windows, Latin1
LanguageCode: English (British)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 3.2.0.2000
FileVersionNumber: 3.2.0.2000
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: -
OSVersion: 4
EntryPoint: 0xc8124
UninitializedDataSize: -
InitializedDataSize: 2067456
CodeSize: 816640
LinkerVersion: 2.25
PEType: PE32
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
TimeStamp: 1992:06:19 22:22:17+00:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 19-Jun-1992 22:22:17
Detected languages:
  • Chinese - PRC
  • English - United Kingdom
  • English - United States
CompanyName: Toolwiz
FileDescription: Toolwiz TimeFreeze 2016
FileVersion: 3.2.0.2000
InternalName: Setup.exe
LegalCopyright: Copyright (c) 2012-2016 by Toolwiz.com
LegalTrademarks: Toolwiz.com
OriginalFilename: Setup.exe
ProductName: Toolwiz TimeFreeze 2016
ProductVersion: Toolwiz TimeFreeze 2016
Comments: Toolwiz TimeFreeze 2016

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0050
Pages in file: 0x0002
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x000F
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x001A
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000100

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 8
Time date stamp: 19-Jun-1992 22:22:17
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_BYTES_REVERSED_HI
  • IMAGE_FILE_BYTES_REVERSED_LO
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
CODE
0x00001000
0x000C74AC
0x000C7600
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.56714
DATA
0x000C9000
0x00006400
0x00006400
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
6.22362
BSS
0x000D0000
0x00001649
0x00000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0
.idata
0x000D2000
0x00002C72
0x00002E00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.90116
.tls
0x000D5000
0x00000010
0x00000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0
.rdata
0x000D6000
0x00000018
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
0.20692
.reloc
0x000D7000
0x0000C9E4
0x0000CA00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
6.66903
.rsrc
0x000E4000
0x001E2E00
0x001E2E00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
6.62501

Resources

Title
Entropy
Size
Codepage
Language
Type
1
3.43813
940
UNKNOWN
English - United Kingdom
RT_VERSION
2
3.57297
744
UNKNOWN
Chinese - PRC
RT_ICON
3
3.70555
296
UNKNOWN
Chinese - PRC
RT_ICON
4
6.5129
3752
UNKNOWN
Chinese - PRC
RT_ICON
5
6.72198
2216
UNKNOWN
Chinese - PRC
RT_ICON
6
5.61913
1384
UNKNOWN
Chinese - PRC
RT_ICON
7
5.10823
9640
UNKNOWN
Chinese - PRC
RT_ICON
8
5.61606
4264
UNKNOWN
Chinese - PRC
RT_ICON
9
6.05244
1128
UNKNOWN
Chinese - PRC
RT_ICON
4072
3.12352
944
UNKNOWN
UNKNOWN
RT_STRING

Imports

advapi32.dll
comctl32.dll
comdlg32.dll
fltlib.dll
gdi32.dll
kernel32.dll
ole32.dll
oleaut32.dll
shell32.dll
user32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
88
Monitored processes
14
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start toolwiz-time-freeze-3-2-0-2000-multi-win.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs toolwiz-time-freeze-3-2-0-2000-multi-win.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
336"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1276,i,5577206709300925455,18347522179522475262,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1004"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1400 --field-trial-handle=1364,i,4502468701934291708,3249733359107167459,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
1120"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1276,i,5577206709300925455,18347522179522475262,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1476"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1652 --field-trial-handle=1276,i,5577206709300925455,18347522179522475262,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
1792"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1548 --field-trial-handle=1276,i,5577206709300925455,18347522179522475262,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2964"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.toolwiz.com/installwelcome.php?app=timefreezeC:\Program Files\Microsoft\Edge\Application\msedge.exetoolwiz-time-freeze-3-2-0-2000-multi-win.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\sspicli.dll
3016"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0x170,0x174,0x178,0x144,0x184,0x6ea3f598,0x6ea3f5a8,0x6ea3f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sechost.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
3136"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1264 --field-trial-handle=1276,i,5577206709300925455,18347522179522475262,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3320"C:\Users\admin\AppData\Local\Temp\toolwiz-time-freeze-3-2-0-2000-multi-win.exe" C:\Users\admin\AppData\Local\Temp\toolwiz-time-freeze-3-2-0-2000-multi-win.exe
explorer.exe
User:
admin
Company:
Toolwiz
Integrity Level:
HIGH
Description:
Toolwiz TimeFreeze 2016
Exit code:
1073807364
Version:
3.2.0.2000
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\toolwiz-time-freeze-3-2-0-2000-multi-win.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
3408"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6ea3f598,0x6ea3f5a8,0x6ea3f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
1073807364
Version:
109.0.1518.115
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
Total events
2 548
Read events
2 519
Write events
29
Delete events
0

Modification events

(PID) Process:(3320) toolwiz-time-freeze-3-2-0-2000-multi-win.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
Operation:writeName:DisableDeleteNotification
Value:
0
(PID) Process:(2964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:dr
Value:
1
(PID) Process:(2964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
1
(PID) Process:(2964) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
2F5E1F4F685E2F00
(PID) Process:(2964) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation:writeName:UsageStatsInSample
Value:
1
(PID) Process:(2964) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:usagestats
Value:
1
Executable files
4
Suspicious files
32
Text files
47
Unknown types
0

Dropped files

PID
Process
Filename
Type
3320toolwiz-time-freeze-3-2-0-2000-multi-win.exeC:\TOOLWIZTIMEFREEZE\TOOLWIZTIMEFREEZE.CACHE
MD5:
SHA256:
3408msedge.exe
MD5:
SHA256:
3320toolwiz-time-freeze-3-2-0-2000-multi-win.exeC:\TOOLWIZTIMEFREEZE\TOOLWIZTIMEFREEZE.CONFIGbinary
MD5:1914ADC891D2120673125F6477881304
SHA256:27240D7C4497E219207AB026AC77935101360652B22E88A9A1EB8DD3BDA06D32
3320toolwiz-time-freeze-3-2-0-2000-multi-win.exeC:\Users\admin\AppData\Local\Temp\4623718.initext
MD5:3342FB9DA8EA6439C071E8BFD2C9C0A1
SHA256:22C62EADFCD3CAAF65004620D289177A91FE99863A4179A9D74FD68161B7182E
3320toolwiz-time-freeze-3-2-0-2000-multi-win.exeC:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exeexecutable
MD5:240722914B86E6D5903AF092AB25C144
SHA256:8D9AC0EB2D0C316823666DD131C4193A80DEFF2A504DAA873F540D342765F39A
3804msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF46e700.TMP
MD5:
SHA256:
3804msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datbinary
MD5:6BBE1BFA3A9FEDA71E860D7BEE338526
SHA256:A7D313A5230EA1B2C67C3ACDC75D66F87D214E760AEBD7B2228A9EEBBAB5C897
2964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Versiontext
MD5:61FE7896F9494DCDF53480A325F4FB85
SHA256:ACFD3CD36E0DFCF1DCB67C7F31F2A5B9BA0815528A0C604D4330DFAA9E683E51
2964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:961E3604F228B0D10541EBF921500C86
SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
27
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1120
msedge.exe
GET
43.153.109.54:80
http://www.toolwiz.com/css/app.7a4fe3ab.css
US
suspicious
1120
msedge.exe
GET
43.153.109.54:80
http://www.toolwiz.com/css/chunk-vendors.7cd2823c.css
US
suspicious
1120
msedge.exe
GET
43.153.109.54:80
http://www.toolwiz.com/js/app.18a429a4.js
US
suspicious
1120
msedge.exe
GET
43.153.109.54:80
http://www.toolwiz.com/css/Avatar.0ab8f0d7.css
US
suspicious
1120
msedge.exe
GET
200
43.153.109.54:80
http://www.toolwiz.com/installwelcome.php?app=timefreeze
US
html
2.07 Kb
suspicious
GET
200
43.153.109.54:80
http://www.toolwiz.com/loading.css
US
text
608 b
suspicious
1120
msedge.exe
GET
200
2.23.209.32:80
http://assets.giocdn.com/2.1/gio.js
GB
text
36.4 Kb
whitelisted
1120
msedge.exe
GET
200
43.153.109.54:80
http://www.toolwiz.com/css/About.597efbe6.css
US
text
562 b
suspicious
1120
msedge.exe
GET
200
43.153.109.54:80
http://www.toolwiz.com/js/chunk-vendors.72e2deb9.js
US
text
360 Kb
suspicious
1120
msedge.exe
GET
200
43.153.109.54:80
http://www.toolwiz.com/js/streamSaver.js
US
text
3.46 Kb
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
1120
msedge.exe
43.153.109.54:80
www.toolwiz.com
Tencent Building, Kejizhongyi Avenue
US
unknown
1120
msedge.exe
2.23.209.32:80
assets.giocdn.com
Akamai International B.V.
GB
suspicious
1120
msedge.exe
163.171.242.53:443
api.growingio.com
QUANTILNETWORKS
US
malicious
1120
msedge.exe
157.240.0.35:443
www.facebook.com
FACEBOOK
US
suspicious
1120
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1120
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
224.0.0.252:5355
unknown
1120
msedge.exe
157.240.253.1:443
connect.facebook.net
whitelisted
1120
msedge.exe
2.23.209.130:443
www.bing.com
Akamai International B.V.
GB
malicious

DNS requests

Domain
IP
Reputation
nav-edge.smartscreen.microsoft.com
  • 20.67.143.122
whitelisted
www.toolwiz.com
  • 43.153.109.54
suspicious
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
config.edge.skype.com
  • 13.107.42.16
malicious
data-edge.smartscreen.microsoft.com
  • 20.67.143.122
whitelisted
assets.giocdn.com
  • 2.23.209.32
  • 2.23.209.49
whitelisted
connect.facebook.net
  • 157.240.253.1
whitelisted
api.growingio.com
  • 163.171.242.53
  • 138.113.69.46
malicious
www.facebook.com
  • 157.240.0.35
whitelisted
www.bing.com
  • 2.23.209.130
  • 2.23.209.187
whitelisted

Threats

No threats detected
Process
Message
toolwiz-time-freeze-3-2-0-2000-multi-win.exe
Note: Fail to connect to the Time Freeze engine, Error number:
toolwiz-time-freeze-3-2-0-2000-multi-win.exe
Note: Fail to connect to the Time Freeze engine, Error number:
toolwiz-time-freeze-3-2-0-2000-multi-win.exe
Note: Fail to connect to the Time Freeze engine, Error number:
toolwiz-time-freeze-3-2-0-2000-multi-win.exe
Note: Fail to connect to the Time Freeze engine, Error number:
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
toolwiz-time-freeze-3-2-0-2000-multi-win.exe