File name:

SynMultiInjRel.zip

Full analysis: https://app.any.run/tasks/9382eb40-b662-415b-80fb-ddeea64d77d2
Verdict: Malicious activity
Analysis date: April 17, 2025, 19:10:37
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-doc
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

5EFD18754F2BA287711890069B106A2A

SHA1:

F2746DBA45714FDDF3B12CC4FDD1DBAA2A532074

SHA256:

119AAA6EF1675DA84D3C30E6B95798373F19025565023FC47B2A5F9BF38B13A1

SSDEEP:

196608:OYiCCTbDRqbXCMyfvuOGLxaf0cKyvhVVY:nCGXC7HOSKKw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 7660)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • msiexec.exe (PID: 3020)
      • Synapse Bootstrapper.exe (PID: 7748)

    • Reads security settings of Internet Explorer

      • Synapse Bootstrapper.exe (PID: 7400)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • Synapse Bootstrapper.exe (PID: 7748)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • Synapse Bootstrapper.exe (PID: 7748)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)

    • Starts itself from another location

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)

    • Searches for installed software

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 3020)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 3020)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 3020)

    • Reads the date of Windows installation

      • Synapse Bootstrapper.exe (PID: 7748)

  • INFO

    • Checks supported languages

      • Synapse Bootstrapper.exe (PID: 7400)
      • identity_helper.exe (PID: 7928)
      • Synapse Launcher.exe (PID: 7756)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 6656)
      • msiexec.exe (PID: 7468)
      • msiexec.exe (PID: 7884)
      • msiexec.exe (PID: 3020)
      • Synapse Bootstrapper.exe (PID: 7748)
      • msiexec.exe (PID: 8068)
      • identity_helper.exe (PID: 6268)
      • Synapse Launcher.exe (PID: 4200)
      • Synapse Launcher.exe (PID: 5304)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 7660)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 3020)
      • Synapse Bootstrapper.exe (PID: 7748)
      • msedge.exe (PID: 4932)

    • Manual execution by a user

      • Synapse Bootstrapper.exe (PID: 7400)
      • Synapse Launcher.exe (PID: 7756)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Taskmgr.exe (PID: 5324)
      • Taskmgr.exe (PID: 5596)
      • Synapse Launcher.exe (PID: 4200)

    • Reads the computer name

      • Synapse Bootstrapper.exe (PID: 7400)
      • identity_helper.exe (PID: 7928)
      • Synapse Launcher.exe (PID: 7756)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 3020)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • msiexec.exe (PID: 6656)
      • msiexec.exe (PID: 7468)
      • Synapse Bootstrapper.exe (PID: 7748)
      • msiexec.exe (PID: 7884)
      • msiexec.exe (PID: 8068)
      • Synapse Launcher.exe (PID: 5304)
      • Synapse Launcher.exe (PID: 4200)
      • identity_helper.exe (PID: 6268)

    • Application launched itself

      • msedge.exe (PID: 7436)
      • msedge.exe (PID: 1128)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7660)
      • msedge.exe (PID: 7436)
      • msiexec.exe (PID: 3020)
      • msedge.exe (PID: 4932)

    • Create files in a temporary directory

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 6584)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • Synapse Bootstrapper.exe (PID: 7748)

    • Reads Environment values

      • identity_helper.exe (PID: 7928)
      • identity_helper.exe (PID: 6268)

    • Process checks computer location settings

      • windowsdesktop-runtime-6.0.36-win-x64 (1).exe (PID: 4452)
      • Synapse Bootstrapper.exe (PID: 7748)

    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Synapse Launcher.exe (PID: 5304)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6988)
      • msiexec.exe (PID: 3020)

    • Reads the software policy settings

      • msiexec.exe (PID: 3020)
      • slui.exe (PID: 4400)
      • Synapse Bootstrapper.exe (PID: 7748)
      • Synapse Launcher.exe (PID: 5304)
      • Synapse Launcher.exe (PID: 4200)

    • Checks proxy server information

      • Synapse Bootstrapper.exe (PID: 7748)
      • slui.exe (PID: 4400)
      • Synapse Launcher.exe (PID: 5304)
      • Synapse Launcher.exe (PID: 4200)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 3020)

    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 5596)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:07:29 23:05:08
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: net6.0-windows/autoexec/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
237
Monitored processes
97
Malicious processes
5
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs synapse bootstrapper.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs synapse launcher.exe no specs msedge.exe no specs windowsdesktop-runtime-6.0.36-win-x64 (1).exe windowsdesktop-runtime-6.0.36-win-x64 (1).exe windowsdesktop-runtime-6.0.36-win-x64.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs synapse bootstrapper.exe msedge.exe no specs synapse launcher.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs taskmgr.exe no specs taskmgr.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs synapse launcher.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4900 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
736"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7896 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1012"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7088 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1056"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5508 --field-trial-handle=2248,i,8010624917283865166,17821387175517574837,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1128"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-windowC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1164"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3664 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1228"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2376 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1280"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6396 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1348"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6464 --field-trial-handle=2384,i,13109011388148579246,17248894089889010689,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
28 717
Read events
27 711
Write events
959
Delete events
47

Modification events

(PID) Process:(7436) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(7400) Synapse Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(7400) Synapse Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7400) Synapse Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7400) Synapse Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7436) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(7436) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(7436) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(7436) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
B1D5367394912F00
(PID) Process:(7436) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
4FA9447394912F00
Executable files
590
Suspicious files
884
Text files
258
Unknown types
1

Dropped files

PID
Process
Filename
Type
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.WinForms.dllexecutable
MD5:9F744FB8CCBBC95054643A81A3E9F896
SHA256:00C21B95E9E8C9D3ACE56C4D0C77F03C7DAC331EE272FA3AB21EE8E6BBF96D28
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.WinForms.xmlxml
MD5:C09409AAC254F17C1C648E6F0464B035
SHA256:4B40E49AEC5DBDA597224F997D57A16645DDC2EB00F31A6329204D1853A2245A
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Dark Dex\image.pngimage
MD5:9233F73521CFDE4DCF3F643EE71EE881
SHA256:BDDF815291BA8EC763028494228C2446A98CE1563E9DD2F3D2F7789FD7E2F3C4
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Wpf.dllexecutable
MD5:2081D284DB55879D63666DEBD8FB2831
SHA256:4A43AABA2FB388FA0C8147E88D70751730D6B26F1AA2549EE9EB8392B14A5496
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\Microsoft.Web.WebView2.Core.dllexecutable
MD5:1901B4219ADC066F3920AAABCE33A929
SHA256:E07E183025A4946D4111B7E410B84BAC5DC437B78CC92F98977AAB59A464205F
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Hydroxide\image.pngimage
MD5:0C0108F25A7FCC3AEAA52535A1A1D97D
SHA256:EF9BA24B890547EFDBFD2C42A48BB119BF744352F4A72D403F68D3DA377B6BFC
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Dark Dex\main.luatext
MD5:6473198FB2BC362815AD8321C437FE28
SHA256:0B6B0BBE86D18AEC7E1127BD6E8EA14B66AAF9283348E7EDE6D0C8A09C7EA6E5
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Remote Spy\description.txttext
MD5:5352E28B9E3B1E62FB833DFE52CF5A76
SHA256:1256083C7539C5A39AA656C201FAD69CA9EA8ECF03AB68F2F13C0D21CA3ADD4C
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Infinite Yield\image.pngimage
MD5:0DCC02F17B5CBF8E08C9132456F7037F
SHA256:F666077A0ED1029018408A94CEB20396DB21056A99B06F0B216E72FDBF433F52
7660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7660.37686\net6.0-windows\lib\scripthub\Infinite Yield\description.txttext
MD5:AB90104FF61F01E432353D0F513A0992
SHA256:45443E57C79786A487E91630BF55DB92958CEE8EA8573355E15474DAB62DD4EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
41
TCP/UDP connections
113
DNS requests
128
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
8136
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8136
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7436
msedge.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
7436
msedge.exe
GET
200
2.16.168.124:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5796
svchost.exe
HEAD
200
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d
unknown
whitelisted
5796
svchost.exe
GET
206
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d
unknown
whitelisted
5796
svchost.exe
GET
206
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d
unknown
whitelisted
5796
svchost.exe
GET
206
23.50.131.72:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5cbc98ff-b69b-4fda-ad94-17ec2f9cf48b?P1=1745353898&P2=404&P3=2&P4=dHaAOBMwsNfCxd5KrE6QgYgCtGawkBNwC7xMzE9CvvnANuPo%2fDAUWoUnqFCFEDU8p87W7HXztKQpt4uDHOM7ZQ%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.16.168.114:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
20.190.159.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
8136
SIHClient.exe
4.245.163.56:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8136
SIHClient.exe
2.16.253.202:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.110
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.16.168.114
  • 2.16.168.124
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.2
  • 40.126.31.73
  • 20.190.159.68
  • 40.126.31.131
  • 40.126.31.0
  • 20.190.159.75
  • 40.126.31.67
  • 40.126.31.1
  • 20.190.160.14
  • 20.190.160.20
  • 20.190.160.67
  • 20.190.160.128
  • 20.190.160.131
  • 20.190.160.130
  • 20.190.160.4
  • 40.126.32.68
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
www.microsoft.com
  • 2.16.253.202
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SynMultiInjRel.zip