URL:

https://www.canva.com/design/DAGvaQgx3o8/Fd52Bxtu8pC8o_rdR2xa6w/view?utm_content=DAGvaQgx3o8&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h528298c402

Full analysis: https://app.any.run/tasks/6e635e48-89ab-4492-a9ab-1e25d6a44c25
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: August 07, 2025, 18:14:17
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
possible-phishing
simplehelp
rmm-tool
adware
Indicators:
MD5:

B823A3FFEE61A7E7600894CD5E728A4C

SHA1:

DA69F9A22E2534E4B9179B7B35CE0BE7EEF6614B

SHA256:

061152DA21D1D5AE0C301451C6C97C32F8B93B50E54E9DB50FC1993AFF54302E

SSDEEP:

3:N8DSLHTiAWDN7s9U6+RndQphGAL+GlEomAGN/MRI6jRIYzTEtQWYMUQt9DEgMdG7:2OLNS7s9U6+xdQHXxRmtN/MRIHTiWhJD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • SIMPLEHELP has been detected

      • msedge.exe (PID: 6128)
      • View documents.exe (PID: 1352)
      • View documents.exe (PID: 3672)
      • SimpleService.exe (PID: 2848)
      • Remote Access Service.exe (PID: 7280)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • View documents.exe (PID: 1352)
      • Remote Access.exe (PID: 7744)
    • Reads security settings of Internet Explorer

      • View documents.exe (PID: 1352)
    • Process drops legitimate windows executable

      • View documents.exe (PID: 1352)
    • The process drops C-runtime libraries

      • View documents.exe (PID: 1352)
    • Access to an unwanted program domain was detected

      • View documents.exe (PID: 1352)
    • Uses ICACLS.EXE to modify access control lists

      • Remote Access.exe (PID: 7744)
      • Remote Access.exe (PID: 1980)
    • Executes as Windows Service

      • SimpleService.exe (PID: 2848)
    • Creates or modifies Windows services

      • Remote Access.exe (PID: 1980)
    • Suspicious use of NETSH.EXE

      • Remote Access.exe (PID: 1980)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • Remote Access.exe (PID: 1980)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 6128)
    • Checks supported languages

      • identity_helper.exe (PID: 7632)
      • View documents.exe (PID: 1352)
      • windowslauncher.exe (PID: 7868)
      • View documents.exe (PID: 3672)
      • Remote Access.exe (PID: 7744)
      • SimpleService.exe (PID: 4688)
      • SimpleService.exe (PID: 7524)
      • SimpleService.exe (PID: 2848)
      • Remote Access Service.exe (PID: 7280)
      • Remote Access.exe (PID: 1980)
    • Reads Environment values

      • identity_helper.exe (PID: 7632)
    • Reads the computer name

      • identity_helper.exe (PID: 7632)
      • View documents.exe (PID: 1352)
      • View documents.exe (PID: 3672)
      • SimpleService.exe (PID: 4688)
      • SimpleService.exe (PID: 7524)
      • SimpleService.exe (PID: 2848)
      • Remote Access.exe (PID: 1980)
    • SIMPLEHELP has been detected

      • View documents.exe (PID: 1352)
      • icacls.exe (PID: 6900)
      • Remote Access.exe (PID: 7744)
      • SimpleService.exe (PID: 4688)
      • SimpleService.exe (PID: 7524)
      • SimpleService.exe (PID: 2848)
      • Remote Access.exe (PID: 1980)
      • icacls.exe (PID: 3392)
    • Creates files in the program directory

      • View documents.exe (PID: 1352)
      • View documents.exe (PID: 3672)
      • Remote Access.exe (PID: 7744)
      • Remote Access Service.exe (PID: 7280)
      • Remote Access.exe (PID: 1980)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6128)
    • Checks proxy server information

      • View documents.exe (PID: 1352)
    • Creates files or folders in the user directory

      • View documents.exe (PID: 1352)
    • The sample compiled with english language support

      • View documents.exe (PID: 1352)
    • Reads CPU info

      • View documents.exe (PID: 1352)
      • View documents.exe (PID: 3672)
      • Remote Access.exe (PID: 7744)
      • Remote Access.exe (PID: 1980)
    • Reads the machine GUID from the registry

      • View documents.exe (PID: 1352)
      • View documents.exe (PID: 3672)
      • Remote Access.exe (PID: 1980)
    • Create files in a temporary directory

      • View documents.exe (PID: 1352)
      • View documents.exe (PID: 3672)
      • Remote Access.exe (PID: 7744)
    • Process checks computer location settings

      • View documents.exe (PID: 1352)
      • View documents.exe (PID: 3672)
      • Remote Access.exe (PID: 7744)
      • Remote Access.exe (PID: 1980)
    • Reads security settings of Internet Explorer

      • netsh.exe (PID: 7340)
      • netsh.exe (PID: 3836)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
199
Monitored processes
62
Malicious processes
5
Suspicious processes
2

Behavior graph

start THREAT msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs view documents.exe no specs THREAT view documents.exe windowslauncher.exe no specs view documents.exe no specs THREAT view documents.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs remote access.exe icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs simpleservice.exe no specs simpleservice.exe no specs THREAT simpleservice.exe no specs THREAT remote access service.exe no specs remote access.exe icacls.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 188
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2592,i,8815223684982981612,8234753224307756426,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1192
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x304,0x308,0x30c,0x2fc,0x314,0x7ffc4440f208,0x7ffc4440f214,0x7ffc4440f220
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1336
CMD: icacls "C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\SimpleGatewayService\Remote Access Service.exe" /t /c /grant *S-1-5-32-545:RX
Path: C:\Windows\System32\icacls.exe
Parent process: Remote Access.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ntmarta.dll
PID: 1352
CMD: "C:\Users\admin\Downloads\View documents.exe"
Path: C:\Users\admin\Downloads\View documents.exe
Parent process: msedge.exe
User:
admin
Company:
SimpleHelp Ltd
Integrity Level:
HIGH
Description:
SimpleHelp Remote Access Client
Version:
5.5.12.0
Modules
Images
c:\users\admin\downloads\view documents.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wininet.dll
PID: 1980
CMD: "C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access Bundle-00116168152\JWrapper-Windows64JRE-00116155100-complete\bin\Remote Access.exe" "-Xmx256m" "-Xms5m" "-XX:MinHeapFreeRatio=15" "-XX:MaxHeapFreeRatio=30" "-Djava.util.Arrays.useLegacyMergeSort=true" "-Djava.net.preferIPv4Stack=true" "-Dsun.java2d.dpiaware=true" "-Dsun.java2d.uiScale.enabled=false" "-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3" "-Djdk.attach.allowAttachSelf=true" "-Dapple.awt.UIElement=true" "-Xrs" "-cp" "C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access Bundle-00116168152\JWrapper-JWrapper-00116168074-complete\jwrapperlib\jwstandalonelaunch.jar;C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access Bundle-00116168152\JWrapper-JWrapper-00116168074-complete\jwagent.jar" "jwrapper.updater.GenericUpdaterLaunch" "C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access Bundle-00116168152\JWrapper-JWrapper-00116168074-complete\unrestricted\JWLaunchProperties-2243842663-24"
Path: C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access Bundle-00116168152\JWrapper-Windows64JRE-00116155100-complete\bin\Remote Access.exe
Parent process: Remote Access Service.exe
User:
SYSTEM
Company:
SimpleHelp Ltd
Integrity Level:
SYSTEM
Description:
SimpleHelp Remote Access Client
Version:
5.5.12.0
Modules
Images
c:\programdata\jwrapper-remote access\jwrapper-remote access bundle-00116168152\jwrapper-windows64jre-00116155100-complete\bin\remote access.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\programdata\jwrapper-remote access\jwrapper-remote access bundle-00116168152\jwrapper-windows64jre-00116155100-complete\bin\api-ms-win-core-console-l1-1-0.dll
c:\programdata\jwrapper-remote access\jwrapper-remote access bundle-00116168152\jwrapper-windows64jre-00116155100-complete\bin\api-ms-win-core-console-l1-2-0.dll
c:\programdata\jwrapper-remote access\jwrapper-remote access bundle-00116168152\jwrapper-windows64jre-00116155100-complete\bin\api-ms-win-core-datetime-l1-1-0.dll
c:\programdata\jwrapper-remote access\jwrapper-remote access bundle-00116168152\jwrapper-windows64jre-00116155100-complete\bin\api-ms-win-core-debug-l1-1-0.dll
PID: 2132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2220,i,8815223684982981612,8234753224307756426,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2276
CMD: icacls "C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\SimpleGatewayService\Remote Access Service.exe" /t /c /grant *S-1-5-32-545:RX
Path: C:\Windows\System32\icacls.exe
Parent process: Remote Access.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ntmarta.dll
PID: 2400
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3660,i,8815223684982981612,8234753224307756426,262144 --variations-seed-version --mojo-platform-channel-handle=3172 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2848
CMD: "C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\restricted\SimpleService.exe"
Path: C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\restricted\SimpleService.exe
Parent process: services.exe
User:
SYSTEM
Company:
Integrity Level:
SYSTEM
Description:
Application to manage service installation on Windows
Version:
5.5-SNAPSH0
Modules
Images
c:\programdata\jwrapper-remote access\jwappssharedconfig\restricted\simpleservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 3392
CMD: icacls "C:\ProgramData\JWrapper-Remote Access" /t /remove *S-1-1-0
Path: C:\Windows\System32\icacls.exe
Parent process: Remote Access.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ntmarta.dll
Total events
9 248
Read events
9 180
Write events
52
Delete events
16

Modification events

(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:
01000000
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
1
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process: (6128) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value:
8051F5B5609A2F00
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\656180
Operation: write
Name: WindowTabManagerFileMappingId
Value:
{89E0C766-72A8-4B56-AB06-3BE75BC8E099}
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\656180
Operation: write
Name: WindowTabManagerFileMappingId
Value:
{B6F418D8-E494-45A1-AB38-39ED1C3D18F8}
(PID) Process: (6128) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\656180
Operation: write
Name: WindowTabManagerFileMappingId
Value:
{8C5FC79A-11F7-4526-B030-68C96F549CBB}
Executable files
108
Suspicious files
276
Text files
198
Unknown types
48

Dropped files

PID
Process
Filename
Type
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF18da0f.TMP
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF18da1f.TMP
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF18da1f.TMP
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF18da2e.TMP
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF18da2e.TMP
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
PID: 6128
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF18da3e.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
61
TCP/UDP connections
75
DNS requests
61
Threats
63

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2132
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:d2SEtMYNC3jEx7ehekmQfFhib--uuyeR0a3TJsIYzSk&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.32.97.216:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3948
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1352
View documents.exe
GET
200
64.20.48.40:443
http://64.20.48.40:443/access/JWrapper-Windows64JRE-version.txt?time=2243824503&platform=windows-intel-64&osid=w10-0-19045
unknown
unknown
1352
View documents.exe
GET
200
64.20.48.40:443
http://64.20.48.40:443/access/JWrapper-Windows64JRE-version.txt?time=2243824503&platform=windows-intel-64&osid=w10-0-19045
unknown
unknown
1352
View documents.exe
GET
200
64.20.48.40:443
http://64.20.48.40:443/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64&osid=w10-0-19045&guv=00116168074
unknown
unknown
1352
View documents.exe
GET
200
64.20.48.40:443
http://64.20.48.40:443/access/JWrapper-Windows64JRE-version.txt?time=2243824503&platform=windows-intel-64&osid=w10-0-19045
unknown
unknown
1352
View documents.exe
GET
200
64.20.48.40:443
http://64.20.48.40:443/access/JWrapper-JWrapper-version.txt?platform=windows-intel-64&osid=w10-0-19045&guv=00116168074
unknown
unknown
1352
View documents.exe
GET
200
64.20.48.40:443
http://64.20.48.40:443/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64&osid=w10-0-19045&guv=00116168074
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2112
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2132
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2132
msedge.exe
104.16.102.112:443
www.canva.com
CLOUDFLARENET
whitelisted
2132
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2132
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2132
msedge.exe
92.123.104.47:443
copilot.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.206
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
www.canva.com
  • 104.16.102.112
  • 104.16.103.112
whitelisted
copilot.microsoft.com
  • 92.123.104.47
  • 92.123.104.63
  • 92.123.104.45
whitelisted
static.canva.com
  • 104.16.103.112
  • 104.16.102.112
whitelisted
www.bing.com
  • 104.126.37.123
  • 104.126.37.136
  • 104.126.37.154
  • 104.126.37.128
  • 104.126.37.185
  • 104.126.37.131
  • 104.126.37.144
whitelisted
o13855.ingest.sentry.io
  • 34.120.195.249
whitelisted
static.cloudflareinsights.com
  • 104.16.80.73
  • 104.16.79.73
whitelisted

Threats

PID
Process
Class
Message
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] An application monitoring request to sentry .io
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] An application monitoring request to sentry .io
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
2132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
No debug info