File name: SynMultiInjRel.zip

Full analysis: https://app.any.run/tasks/9382eb40-b662-415b-80fb-ddeea64d77d2
Verdict: Malicious activity
Analysis date: April 17, 2025, 19:10:37
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-doc
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5: 5EFD18754F2BA287711890069B106A2A
SHA1: F2746DBA45714FDDF3B12CC4FDD1DBAA2A532074
SHA256: 119AAA6EF1675DA84D3C30E6B95798373F19025565023FC47B2A5F9BF38B13A1
SSDEEP: 196608:OYiCCTbDRqbXCMyfvuOGLxaf0cKyvhVVY:nCGXC7HOSKKw
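The three digests above are what an analyst uses to confirm that a file on disk is the same artefact ANY.RUN ran, and the static block further down says the archive is stored uncompressed with net6.0-windows/autoexec/ as its first entry. The following is an added example (not part of the ANY.RUN report, not code from the sample) that does both checks offline: it hashes a byte string against the report's indicators and inventories a ZIP from its central directory without extracting anything. The archive it builds is constructed test data whose entry names mirror paths from the dropped-file list but whose contents are placeholders, so its digests will not match the real sample.

```python
"""Hash a sample against the report's indicators and inventory the archive
without extracting it.

Added example, not part of the ANY.RUN report. REPORT_HASHES is copied from the
Indicators section above. build_constructed_sample() produces CONSTRUCTED test
data whose entry names mirror paths seen in the report (net6.0-windows/autoexec/,
lib/*.dll, scripthub/*/main.lua) but whose contents are placeholders, so its
digests will not match the real SynMultiInjRel.zip.
"""
import hashlib
import io
import posixpath
import zipfile

REPORT_HASHES = {
    "md5": "5EFD18754F2BA287711890069B106A2A",
    "sha1": "F2746DBA45714FDDF3B12CC4FDD1DBAA2A532074",
    "sha256": "119AAA6EF1675DA84D3C30E6B95798373F19025565023FC47B2A5F9BF38B13A1",
}
# Extensions to flag inside an archive that presents itself as an app bundle.
FLAG_EXT = {".exe", ".dll", ".msi", ".scr", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".lua"}


def hash_bytes(data: bytes) -> dict:
    """Uppercase hex MD5/SHA1/SHA256, the same three digests the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison; a mismatch on any one means it is not the analysed file."""
    got = hash_bytes(data)
    return {alg: got[alg] == digest.upper() for alg, digest in expected.items()}


def inventory_zip(data: bytes) -> dict:
    """Read the central directory only (nothing is written to disk) and summarise:
    entry names, whether every entry is stored uncompressed (the report says
    compression method=store), flagged executables/scripts, and entry names that
    would escape the extraction directory if unpacked naively."""
    inv = {"entries": [], "flagged": [], "unsafe_names": [], "all_stored": True}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            inv["entries"].append(name)
            if info.compress_type != zipfile.ZIP_STORED:
                inv["all_stored"] = False
            if name.startswith(("/", "\\")) or ".." in name.split("/"):
                inv["unsafe_names"].append(name)
            if not info.is_dir() and posixpath.splitext(name)[1].lower() in FLAG_EXT:
                inv["flagged"].append(name)
    return inv


def build_constructed_sample() -> bytes:
    """CONSTRUCTED stand-in for the sample: same first entry and store method as
    the report's EXIF block, placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr("net6.0-windows/autoexec/", b"")
        zf.writestr("net6.0-windows/lib/Newtonsoft.Json.dll", b"MZ placeholder (constructed)")
        zf.writestr("net6.0-windows/lib/scripthub/Hydroxide/main.lua", b"-- placeholder (constructed)\n")
        zf.writestr("net6.0-windows/lib/Microsoft.Web.WebView2.Core.xml", b"<doc/>")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print("matches report:", matches_report(sample))  # all False for the constructed data
    print(inventory_zip(sample))
```

To use it on the real archive, replace the constructed bytes with `open("SynMultiInjRel.zip", "rb").read()`; only if all three comparisons are True is the file the one this report describes. The inventory step is worth running before any extraction because the behaviour section shows the archive contents being unpacked by WinRAR and then executed.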

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • Synapse Bootstrapper.exe (PID: 7748)
    • Process drops legitimate windows executable

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • WinRAR.exe (PID: 7660)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 3020)
      • Synapse Bootstrapper.exe (PID: 7748)
    • Searches for installed software

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
    • Reads security settings of Internet Explorer

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Synapse Bootstrapper.exe (PID: 7400)
    • Starts itself from another location

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 3020)
    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 3020)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 3020)
    • Reads the date of Windows installation

      • Synapse Bootstrapper.exe (PID: 7748)
  • INFO

    • Checks supported languages

      • Synapse Bootstrapper.exe (PID: 7400)
      • Synapse Launcher.exe (PID: 7756)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 3020)
      • msiexec.exe (PID: 7884)
      • msiexec.exe (PID: 8068)
      • msiexec.exe (PID: 7468)
      • msiexec.exe (PID: 6656)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Synapse Launcher.exe (PID: 5304)
      • identity_helper.exe (PID: 6268)
      • Synapse Launcher.exe (PID: 4200)
      • identity_helper.exe (PID: 7928)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7660)
      • msedge.exe (PID: 7436)
      • msiexec.exe (PID: 3020)
      • msedge.exe (PID: 4932)
    • Reads the computer name

      • identity_helper.exe (PID: 7928)
      • Synapse Launcher.exe (PID: 7756)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • msiexec.exe (PID: 3020)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 7468)
      • msiexec.exe (PID: 7884)
      • msiexec.exe (PID: 8068)
      • msiexec.exe (PID: 6656)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Synapse Launcher.exe (PID: 5304)
      • Synapse Launcher.exe (PID: 4200)
      • Synapse Bootstrapper.exe (PID: 7400)
      • identity_helper.exe (PID: 6268)
    • Application launched itself

      • msedge.exe (PID: 7436)
      • msedge.exe (PID: 1128)
    • Create files in a temporary directory

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • Synapse Bootstrapper.exe (PID: 7748)
    • Manual execution by a user

      • Synapse Launcher.exe (PID: 7756)
      • Synapse Bootstrapper.exe (PID: 7400)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Taskmgr.exe (PID: 5324)
      • Taskmgr.exe (PID: 5596)
      • Synapse Launcher.exe (PID: 4200)
    • The sample compiled with english language support

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 3020)
      • Synapse Bootstrapper.exe (PID: 7748)
      • msedge.exe (PID: 4932)
      • WinRAR.exe (PID: 7660)
    • Process checks computer location settings

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • Synapse Bootstrapper.exe (PID: 7748)
    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Synapse Launcher.exe (PID: 5304)
    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 3020)
    • Reads the software policy settings

      • msiexec.exe (PID: 3020)
      • slui.exe (PID: 4400)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Synapse Launcher.exe (PID: 5304)
      • Synapse Launcher.exe (PID: 4200)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3020)
    • Checks proxy server information

      • Synapse Bootstrapper.exe (PID: 7748)
      • slui.exe (PID: 4400)
      • Synapse Launcher.exe (PID: 5304)
      • Synapse Launcher.exe (PID: 4200)
    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 5596)
    • Reads Environment values

      • identity_helper.exe (PID: 6268)
      • identity_helper.exe (PID: 7928)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:07:29 23:05:08
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: net6.0-windows/autoexec/
All screenshots are available in the full report
Total processes: 237
Monitored processes: 97
Malicious processes: 5
Suspicious processes: 2

Behavior graph

Processes in the graph, in order of appearance (the original marks processes with no indicators as "no specs"; the many msedge.exe child processes are collapsed here): winrar.exe, rundll32.exe (no specs), synapse bootstrapper.exe (no specs), msedge.exe (numerous instances, plus identity_helper.exe), slui.exe, synapse launcher.exe (no specs), windowsdesktop-runtime-6.0.36-win-x64 (1).exe (2 instances), windowsdesktop-runtime-6.0.36-win-x64.exe, msiexec.exe (5 instances), synapse bootstrapper.exe, synapse launcher.exe, taskmgr.exe (2 instances), synapse launcher.exe.

Process information

Fields: PID, CMD, Path, Indicators, Parent process
PID: 616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4900 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7896 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1012
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7088 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1056
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5508 --field-trial-handle=2248,i,8010624917283865166,17821387175517574837,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1128
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3664 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1228
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2376 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1280
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6396 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1348
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6464 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 28 717
Read events: 27 711
Write events: 959
Delete events: 47

Modification events

(PID) Process: (7436) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (7400) Synapse Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (7400) Synapse Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7400) Synapse Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7400) Synapse Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7436) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (7436) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (7436) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (7436) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: B1D5367394912F00

(PID) Process: (7436) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 4FA9447394912F00
Executable files: 590
Suspicious files: 884
Text files: 258
Unknown types: 1

Dropped files

PID | Process | Filename | Type
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Core.xml | xml
MD5: 2AD7F32F641223B6800DB7B09BD871B6
SHA256: AA1ACA33EF3F5F710A684371087A5785352A737F407D61CFB92DE7C72C5480C9
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Core.dll | executable
MD5: 1901B4219ADC066F3920AAABCE33A929
SHA256: E07E183025A4946D4111B7E410B84BAC5DC437B78CC92F98977AAB59A464205F
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.WinForms.xml | xml
MD5: C09409AAC254F17C1C648E6F0464B035
SHA256: 4B40E49AEC5DBDA597224F997D57A16645DDC2EB00F31A6329204D1853A2245A
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Wpf.dll | executable
MD5: 2081D284DB55879D63666DEBD8FB2831
SHA256: 4A43AABA2FB388FA0C8147E88D70751730D6B26F1AA2549EE9EB8392B14A5496
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.WinForms.dll | executable
MD5: 9F744FB8CCBBC95054643A81A3E9F896
SHA256: 00C21B95E9E8C9D3ACE56C4D0C77F03C7DAC331EE272FA3AB21EE8E6BBF96D28
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Wpf.xml | xml
MD5: E37889B5F5157187C973A0C9AEA550F1
SHA256: 2E533A08DA4D5E9E44DE5007B75811DC8F41C656782B003B77E318EA3DB370FE
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Newtonsoft.Json.dll | executable
MD5: ADF3E3EECDE20B7C9661E9C47106A14A
SHA256: 22C649F75FCE5BE7C7CCDA8880473B634EF69ECF33F5D1AB8AD892CAF47D5A07
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Infinite Yield\image.png | image
MD5: 0DCC02F17B5CBF8E08C9132456F7037F
SHA256: F666077A0ED1029018408A94CEB20396DB21056A99B06F0B216E72FDBF433F52
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Hydroxide\main.lua | text
MD5: A8981A7DFA0D795ACF73CD7F7BDDDA5F
SHA256: 7A75AEFE0ECE51B0B39E89DA93D79F89D4E69DAD271624147358BC0FD9E7B0ED
7660 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Remote Spy\image.png | image
MD5: EF6C6EBED60BAB609B498DF168D7EAEA
SHA256: 25768F244CF3FB6D3E6A1657A2A1E02422F2222D6D9A0965230F802D0758B3FD
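The dropped-file rows are the raw material for host hunting, but not every hash in them is a good indicator: four of the executables are Microsoft.Web.WebView2.* and Newtonsoft.Json.dll, redistributable packages that legitimate .NET applications ship unchanged, so their hashes will hit on clean machines. The following is an added example (not part of the ANY.RUN report) that parses the rows into records and separates library binaries from the payload's own files before building a hash list. REPORT_ROWS is copied from the section above in the raw form the extraction produced (PID, process, path and type fused on one line, e.g. "...Core.xmlxml"); the regex also accepts a " | "-separated layout. KNOWN_LIBRARIES is this example's own assumption about which names are redistributables.

```python
"""Turn the report's dropped-file rows into IOC records and a triage summary.

Added example, not part of the ANY.RUN report. REPORT_ROWS is copied from the
"Dropped files" section in the raw extracted form (PID, process, path and type
fused on one line); ROW_RE accepts that form and a " | "-separated one.
KNOWN_LIBRARIES is an assumption of this example: well-known redistributable
packages whose hashes also match legitimate installs.
"""
import re
from collections import defaultdict

REPORT_ROWS = r"""
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Core.xmlxml
MD5:2AD7F32F641223B6800DB7B09BD871B6
SHA256:AA1ACA33EF3F5F710A684371087A5785352A737F407D61CFB92DE7C72C5480C9
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Core.dllexecutable
MD5:1901B4219ADC066F3920AAABCE33A929
SHA256:E07E183025A4946D4111B7E410B84BAC5DC437B78CC92F98977AAB59A464205F
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.WinForms.xmlxml
MD5:C09409AAC254F17C1C648E6F0464B035
SHA256:4B40E49AEC5DBDA597224F997D57A16645DDC2EB00F31A6329204D1853A2245A
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Wpf.dllexecutable
MD5:2081D284DB55879D63666DEBD8FB2831
SHA256:4A43AABA2FB388FA0C8147E88D70751730D6B26F1AA2549EE9EB8392B14A5496
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.WinForms.dllexecutable
MD5:9F744FB8CCBBC95054643A81A3E9F896
SHA256:00C21B95E9E8C9D3ACE56C4D0C77F03C7DAC331EE272FA3AB21EE8E6BBF96D28
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Wpf.xmlxml
MD5:E37889B5F5157187C973A0C9AEA550F1
SHA256:2E533A08DA4D5E9E44DE5007B75811DC8F41C656782B003B77E318EA3DB370FE
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Newtonsoft.Json.dllexecutable
MD5:ADF3E3EECDE20B7C9661E9C47106A14A
SHA256:22C649F75FCE5BE7C7CCDA8880473B634EF69ECF33F5D1AB8AD892CAF47D5A07
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Infinite Yield\image.pngimage
MD5:0DCC02F17B5CBF8E08C9132456F7037F
SHA256:F666077A0ED1029018408A94CEB20396DB21056A99B06F0B216E72FDBF433F52
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Hydroxide\main.luatext
MD5:A8981A7DFA0D795ACF73CD7F7BDDDA5F
SHA256:7A75AEFE0ECE51B0B39E89DA93D79F89D4E69DAD271624147358BC0FD9E7B0ED
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Remote Spy\image.pngimage
MD5:EF6C6EBED60BAB609B498DF168D7EAEA
SHA256:25768F244CF3FB6D3E6A1657A2A1E02422F2222D6D9A0965230F802D0758B3FD
"""

# PID, process, path (non-greedy up to a known extension), then the type label.
ROW_RE = re.compile(
    r"^(?P<pid>\d+)\s*\|?\s*(?P<process>\S+?\.exe)\s*\|?\s*"
    r"(?P<path>[A-Z]:\\.+?\.(?P<ext>exe|dll|xml|png|lua))\s*\|?\s*"
    r"(?P<type>executable|xml|image|text)\s*$"
)
HASH_RE = re.compile(r"^(?P<alg>MD5|SHA256):\s*(?P<hex>[0-9A-Fa-f]{32,64})\s*$")

# Assumption of this example: redistributables commonly bundled by .NET desktop apps.
KNOWN_LIBRARIES = (re.compile(r"^Microsoft\.Web\.WebView2\."), re.compile(r"^Newtonsoft\.Json\.dll$"))


def parse_dropped_files(text: str) -> list:
    """One dict per dropped file: pid, process, path, name, ext, type, md5, sha256."""
    records, current = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            current = m.groupdict()
            current["name"] = current["path"].rsplit("\\", 1)[-1]
            records.append(current)
            continue
        h = HASH_RE.match(line)
        if h and current is not None:  # hash lines belong to the preceding row
            current[h.group("alg").lower()] = h.group("hex").upper()
    return records


def triage(records: list) -> dict:
    """Bucket records so the hunt list is built from the payload's own files,
    not from library binaries every legitimate WebView2/.NET app also ships."""
    buckets = defaultdict(list)
    for r in records:
        if r["type"] == "executable":
            known = any(p.match(r["name"]) for p in KNOWN_LIBRARIES)
            buckets["library_executables" if known else "payload_executables"].append(r)
        elif r["ext"] == "lua":
            buckets["scripts"].append(r)
        else:
            buckets["other"].append(r)
    return dict(buckets)


def hunt_hashes(records: list) -> set:
    """SHA256 values worth searching for on other hosts: payload executables and scripts."""
    b = triage(records)
    return {r["sha256"] for r in b.get("payload_executables", []) + b.get("scripts", [])}
```

On the ten rows shown here every executable is a known library, so the hunt list reduces to the Lua script under scripthub; the full report's dropped-file list is longer (590 executable files) and the same filter applies to it.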
HTTP(S) requests: 41
TCP/UDP connections: 113
DNS requests: 128
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation (the Type and Size columns are empty in this extract)
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
8136 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
8136 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
7436 | msedge.exe | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
7436 | msedge.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | unknown | whitelisted
5796 | svchost.exe | HEAD | 200 | 23.50.131.72:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d | unknown | whitelisted
5796 | svchost.exe | GET | 206 | 23.50.131.72:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d | unknown | whitelisted
5796 | svchost.exe | GET | 206 | 23.50.131.72:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d | unknown | whitelisted
5796 | svchost.exe | GET | 206 | 23.50.131.72:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d | unknown | whitelisted
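"Threats: 0" means no IDS signature fired on the captured traffic; it says nothing about whether the sample's own processes went online. The ten requests reproduced on this page come from MoUsoCoreWorker.exe, SIHClient.exe, svchost.exe and msedge.exe and are all CRL/OCSP fetches or Edge update delivery. The following is an added example (not part of the ANY.RUN report) that makes that check explicit: it attributes each request to a PID, buckets the URL by a simple heuristic, and lists the rows whose PID cell is empty and so can only be resolved from the PCAP. REQUESTS is copied from the table above; SAMPLE_PIDS is the set of PIDs the behaviour section assigns to the Synapse, windowsdesktop-runtime and msiexec processes (msedge.exe, PID 7436, is deliberately left out because the report shown here does not say what launched the browser). The classification rules are this example's own, not ANY.RUN's, and the full report holds 41 requests, of which only these ten are shown.

```python
"""Attribute the captured HTTP requests to processes and classify them, to check
whether any of the sample's own processes talked to the network.

Added example, not part of the ANY.RUN report. REQUESTS is copied from the HTTP
requests section (PID, process, method, status, server, URL); a PID of None
marks a row whose PID/process cells are empty in the report. SAMPLE_PIDS are the
PIDs the behaviour section lists for Synapse Bootstrapper/Launcher, the
windowsdesktop-runtime installers and msiexec. The classification rules are
this example's own heuristics.
"""
from collections import Counter
from urllib.parse import urlsplit

DELIVERY_URL = (
    "http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/"
    "5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6Qg"
    "YgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d"
)

REQUESTS = [
    (5496, "MoUsoCoreWorker.exe", "GET", 200, "2.16.168.114:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (None, None, "GET", 200, "2.17.190.73:80",
     "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    (8136, "SIHClient.exe", "GET", 200, "2.16.253.202:80",
     "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl"),
    (8136, "SIHClient.exe", "GET", 200, "2.16.253.202:80",
     "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl"),
    (7436, "msedge.exe", "GET", 200, "2.16.168.124:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (7436, "msedge.exe", "GET", 200, "2.16.253.202:80",
     "http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl"),
    (5796, "svchost.exe", "HEAD", 200, "23.50.131.72:80", DELIVERY_URL),
    (5796, "svchost.exe", "GET", 206, "23.50.131.72:80", DELIVERY_URL),
    (5796, "svchost.exe", "GET", 206, "23.50.131.72:80", DELIVERY_URL),
    (5796, "svchost.exe", "GET", 206, "23.50.131.72:80", DELIVERY_URL),
]

# PIDs from the behaviour section for the processes the archive spawned.
SAMPLE_PIDS = {7400, 7748, 7756, 5304, 4200, 6584, 4452, 6988, 3020, 7884, 8068, 7468, 6656}


def classify(url: str) -> str:
    """Heuristic bucket for a URL: PKI housekeeping, Windows/Edge update delivery, or other."""
    parts = urlsplit(url)
    host, path = (parts.hostname or ""), parts.path.lower()
    if host.startswith(("crl.", "ocsp.")) or path.endswith(".crl") or "/crl/" in path:
        return "certificate-revocation"
    if host.endswith("delivery.mp.microsoft.com"):
        return "update-delivery"
    return "other"


def summarise(requests=REQUESTS, sample_pids=SAMPLE_PIDS) -> dict:
    """Counts per class, the requests made by the sample's own processes, and the
    rows that cannot be attributed (empty PID) and so need the PCAP to resolve."""
    classes = Counter(classify(url) for *_, url in requests)
    from_sample = [r for r in requests if r[0] in sample_pids]
    unattributed = [r for r in requests if r[0] is None]
    return {"classes": dict(classes), "from_sample": from_sample, "unattributed": unattributed}


if __name__ == "__main__":
    print(summarise())
```

Anything landing in "other", or any row attributed to a SAMPLE_PIDS process, is what to pull from the PCAP first; on the rows shown here both lists are empty, so the absence of threats reflects background OS traffic rather than the sample being quiet by design.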

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 2.16.168.114:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
- | - | 20.190.159.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
8136 | SIHClient.exe | 4.245.163.56:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
8136 | SIHClient.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.110
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.16.168.114
  • 2.16.168.124
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.2
  • 40.126.31.73
  • 20.190.159.68
  • 40.126.31.131
  • 40.126.31.0
  • 20.190.159.75
  • 40.126.31.67
  • 40.126.31.1
  • 20.190.160.14
  • 20.190.160.20
  • 20.190.160.67
  • 20.190.160.128
  • 20.190.160.131
  • 20.190.160.130
  • 20.190.160.4
  • 40.126.32.68
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
www.microsoft.com
  • 2.16.253.202
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

No threats detected
No debug info