URL:

https://crackhow4.com/

Full analysis: https://app.any.run/tasks/98aa69bb-df67-40ea-b433-01f7f4cf151e
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: February 16, 2026, 19:36:49
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
adware
innosetup
delphi
inno
installer
stealer
auto
generic
websocket
advancedinstaller
t9000
backdoor
lua
python
Indicators:
MD5:

CFBB14E16C9D2B5E9F2B4CEF7CD150A3

SHA1:

07A6AAD3F7246FD7600F30426B8B0B8E7DEE24C5

SHA256:

29EA33D5A002BF04C23F748AFDB44DCAC90E8980B153D6B1A3B28D5D11DCE392

SSDEEP:

3:N8KWGG:2K0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • INNOSETUP has been detected (SURICATA)

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
    • Executing a file with an untrusted certificate

      • eld1.exe (PID: 32)
      • eld4.exe (PID: 3232)
    • Steals credentials from Web Browsers

      • eld1.exe (PID: 32)
    • Actions looks like stealing of personal data

      • eld1.exe (PID: 32)
    • Changes powershell execution policy (Bypass)

      • eld1.exe (PID: 32)
    • Downloads the requested resource (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Adds path to the Windows Defender exclusion list

      • eld2.exe (PID: 3092)
      • Grannies.exe (PID: 8552)
    • Changes Windows Defender settings

      • eld2.exe (PID: 3092)
    • GENERIC has been found (auto)

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • eld3.exe (PID: 3208)
    • Creates a new scheduled task via Registry

      • msiexec.exe (PID: 8744)
    • Creates scheduled task from XML file

      • nightspots.exe (PID: 1908)
      • nightspots.exe (PID: 5044)
      • nightspots.exe (PID: 8944)
    • Uses Task Scheduler to run other applications

      • nightspots.exe (PID: 1908)
      • nightspots.exe (PID: 5044)
      • nightspots.exe (PID: 8944)
    • ADVANCEDINSTALLER has been detected (SURICATA)

      • msiexec.exe (PID: 6928)
    • Create files in the Startup directory

      • Grannies.exe (PID: 8552)
    • T9000 has been detected (YARA)

      • Bend.exe (PID: 8448)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 4788)
    • Access to an unwanted program domain was detected

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • msiexec.exe (PID: 6928)
    • Possible stealing from crypto wallets

      • eld1.exe (PID: 32)
    • Searches for installed software

      • eld1.exe (PID: 32)
    • Possible stealing from browsers

      • eld1.exe (PID: 32)
    • Possible stealing of email data

      • eld1.exe (PID: 32)
    • Possible stealing of messenger data

      • eld1.exe (PID: 32)
    • Probably download files using WebClient

      • eld1.exe (PID: 32)
    • Possible stealing from password managers

      • eld1.exe (PID: 32)
    • Possibly malicious use of IEX has been detected

      • powershell.exe (PID: 8912)
    • Found IP address in command line

      • powershell.exe (PID: 8912)
    • The process bypasses the loading of PowerShell profile settings

      • eld1.exe (PID: 32)
    • Starts POWERSHELL.EXE for commands execution

      • eld1.exe (PID: 32)
      • eld2.exe (PID: 3092)
      • Grannies.exe (PID: 8552)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 8912)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Script adds exclusion path to Windows Defender

      • eld2.exe (PID: 3092)
      • Grannies.exe (PID: 8552)
    • Possible path obfuscation (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Gets path to any of the special folders (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Uses sleep to delay execution (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Executes as Windows Service

      • wscl.exe (PID: 7532)
    • ADVANCEDINSTALLER mutex has been found

      • eld4.exe (PID: 3232)
    • Checks for Java to be installed

      • msiexec.exe (PID: 1884)
      • msiexec.exe (PID: 6928)
    • Runs shell command (SCRIPT)

      • msiexec.exe (PID: 6928)
    • Uses TASKKILL.EXE to kill process

      • msiexec.exe (PID: 6928)
    • Probably fake Windows Update file has been dropped

      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 4788)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 4788)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • Grannies.exe (PID: 8552)
    • The process executes via Task Scheduler

      • Bend.exe (PID: 8284)
      • satiric.exe (PID: 2284)
      • Bend.exe (PID: 8940)
      • satiric.exe (PID: 6224)
      • satiric.exe (PID: 4364)
      • Bend.exe (PID: 7120)
      • Bend.exe (PID: 5680)
      • satiric.exe (PID: 7080)
      • satiric.exe (PID: 5424)
      • satiric.exe (PID: 6632)
      • satiric.exe (PID: 6324)
    • Process drops python dynamic module

      • powershell.exe (PID: 8912)
    • Loads Python modules

      • installer_helper_64.exe (PID: 8640)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 8504)
    • Reads Environment values

      • identity_helper.exe (PID: 3588)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 1884)
      • msiexec.exe (PID: 6928)
    • Drops script file

      • msedge.exe (PID: 8504)
      • msedge.exe (PID: 5776)
      • powershell.exe (PID: 8912)
      • powershell.exe (PID: 4936)
      • powershell.exe (PID: 8548)
      • powershell.exe (PID: 6788)
      • powershell.exe (PID: 7104)
      • powershell.exe (PID: 8256)
      • powershell.exe (PID: 32)
    • Checks supported languages

      • identity_helper.exe (PID: 3588)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1400)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 1984)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 4664)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • eld1.exe (PID: 32)
      • eld2.exe (PID: 3092)
      • Grannies.exe (PID: 8552)
      • eld3.exe (PID: 3208)
      • wscl.exe (PID: 7532)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 1884)
      • msiexec.exe (PID: 4788)
      • msiexec.exe (PID: 6928)
      • Bend.exe (PID: 8448)
      • satiric.exe (PID: 144)
      • msiexec.exe (PID: 8744)
      • nightspots.exe (PID: 1908)
      • Bend.exe (PID: 8284)
      • Bend.exe (PID: 9116)
      • nightspots.exe (PID: 5044)
      • satiric.exe (PID: 2284)
      • nightspots.exe (PID: 8944)
      • Bend.exe (PID: 8940)
      • satiric.exe (PID: 6224)
      • satiric.exe (PID: 4364)
      • Bend.exe (PID: 7120)
      • Bend.exe (PID: 5680)
      • satiric.exe (PID: 7080)
      • satiric.exe (PID: 5424)
      • satiric.exe (PID: 6632)
      • installer_helper_64.exe (PID: 8640)
      • Bend.exe (PID: 7524)
      • satiric.exe (PID: 1432)
      • satiric.exe (PID: 6324)
    • Reads the computer name

      • identity_helper.exe (PID: 3588)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1400)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 4664)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • eld1.exe (PID: 32)
      • eld2.exe (PID: 3092)
      • eld3.exe (PID: 3208)
      • wscl.exe (PID: 7532)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 1884)
      • msiexec.exe (PID: 4788)
      • msiexec.exe (PID: 6928)
      • Bend.exe (PID: 8448)
      • satiric.exe (PID: 144)
      • msiexec.exe (PID: 8744)
      • Bend.exe (PID: 9116)
      • satiric.exe (PID: 2284)
      • Bend.exe (PID: 8284)
      • Bend.exe (PID: 8940)
      • satiric.exe (PID: 6224)
      • satiric.exe (PID: 4364)
      • Bend.exe (PID: 7120)
      • Bend.exe (PID: 5680)
      • satiric.exe (PID: 7080)
      • satiric.exe (PID: 5424)
      • satiric.exe (PID: 6632)
      • Bend.exe (PID: 7524)
      • installer_helper_64.exe (PID: 8640)
      • satiric.exe (PID: 1432)
      • satiric.exe (PID: 6324)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 8504)
    • Manual execution by a user

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 1984)
      • mmc.exe (PID: 5772)
      • mmc.exe (PID: 8496)
      • satiric.exe (PID: 1432)
      • Bend.exe (PID: 7524)
    • Create files in a temporary directory

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 1984)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 4664)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • eld2.exe (PID: 3092)
      • eld3.exe (PID: 3208)
      • msiexec.exe (PID: 1884)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 6928)
      • Grannies.exe (PID: 8552)
      • nightspots.exe (PID: 5044)
      • nightspots.exe (PID: 1908)
      • nightspots.exe (PID: 8944)
    • Reads security settings of Internet Explorer

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1400)
      • eld2.exe (PID: 3092)
      • eld3.exe (PID: 3208)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 6928)
      • mmc.exe (PID: 8496)
      • installer_helper_64.exe (PID: 8640)
    • Process checks computer location settings

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1400)
      • msiexec.exe (PID: 6928)
    • Compiled with Borland Delphi (YARA)

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 1984)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1400)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 4664)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • eld1.exe (PID: 32)
    • Detects InnoSetup installer (YARA)

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 1984)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1400)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe (PID: 4664)
      • eld1.exe (PID: 32)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
    • Checks proxy server information

      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • slui.exe (PID: 5404)
      • powershell.exe (PID: 8912)
      • eld2.exe (PID: 3092)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 6928)
      • installer_helper_64.exe (PID: 8640)
    • Reads the machine GUID from the registry

      • eld1.exe (PID: 32)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 4788)
      • Bend.exe (PID: 8448)
      • msiexec.exe (PID: 6928)
      • installer_helper_64.exe (PID: 8640)
    • Disables trace logs

      • powershell.exe (PID: 8912)
    • Converts byte array into ASCII string (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Gets a random number, or selects objects randomly from a collection (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 8912)
      • powershell.exe (PID: 4936)
      • powershell.exe (PID: 8548)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 8548)
      • powershell.exe (PID: 4936)
      • powershell.exe (PID: 6788)
      • powershell.exe (PID: 7104)
      • powershell.exe (PID: 8256)
      • powershell.exe (PID: 32)
    • User-Agent configuration (POWERSHELL)

      • powershell.exe (PID: 8912)
    • Creates files or folders in the user directory

      • eld2.exe (PID: 3092)
      • eld4.exe (PID: 3232)
      • msiexec.exe (PID: 6928)
      • Grannies.exe (PID: 8552)
      • installer_helper_64.exe (PID: 8640)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 1884)
      • msiexec.exe (PID: 6928)
    • Creates files in the program directory

      • Grannies.exe (PID: 8552)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
      • satiric.exe (PID: 144)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4788)
      • CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp (PID: 1672)
    • NirSoft software is detected

      • satiric.exe (PID: 144)
      • satiric.exe (PID: 2284)
      • satiric.exe (PID: 6224)
      • satiric.exe (PID: 4364)
      • satiric.exe (PID: 7080)
      • satiric.exe (PID: 5424)
      • satiric.exe (PID: 6632)
      • satiric.exe (PID: 1432)
      • satiric.exe (PID: 6324)
    • Launching a file from the Startup directory

      • Grannies.exe (PID: 8552)
    • There is functionality for taking screenshot (YARA)

      • satiric.exe (PID: 144)
    • The process uses Lua

      • Bend.exe (PID: 8448)
    • The executable file from the user directory is run by the Powershell process

      • installer_helper_64.exe (PID: 8640)
    • Python executable

      • installer_helper_64.exe (PID: 8640)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
279
Monitored processes
118
Malicious processes
15
Suspicious processes
4

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs msedge.exe no specs capcut pro 8 1 1 3417 crack for pc free download 2026.exe no specs capcut pro 8 1 1 3417 crack for pc free download 2026.tmp no specs capcut pro 8 1 1 3417 crack for pc free download 2026.exe #INNOSETUP capcut pro 8 1 1 3417 crack for pc free download 2026.tmp msedge.exe no specs msedge.exe no specs eld1.exe msedge.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs powershell.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs eld2.exe powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs grannies.exe powershell.exe no specs conhost.exe no specs #GENERIC eld3.exe no specs powershell.exe no specs conhost.exe no specs wscl.exe powershell.exe no specs conhost.exe no specs eld4.exe msiexec.exe no specs powershell.exe no specs conhost.exe no specs msiexec.exe no specs msiexec.exe no specs #ADVANCEDINSTALLER msiexec.exe taskkill.exe no specs conhost.exe no specs explorer.exe no specs msiexec.exe no specs #T9000 bend.exe satiric.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs nightspots.exe no specs schtasks.exe no specs conhost.exe no specs bend.exe no specs bend.exe no specs nightspots.exe no specs schtasks.exe no specs conhost.exe no 
specs satiric.exe no specs nightspots.exe no specs schtasks.exe no specs conhost.exe no specs bend.exe no specs explorer.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs satiric.exe no specs satiric.exe no specs msedge.exe no specs mmc.exe no specs mmc.exe bend.exe no specs bend.exe no specs satiric.exe no specs satiric.exe no specs msedge.exe no specs satiric.exe no specs satiric.exe no specs installer_helper_64.exe bend.exe no specs msedge.exe no specs msedge.exe no specs satiric.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 32
CMD: "C:\Users\admin\AppData\Local\Temp\is-G34X175301.tmp\eld1.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-G34X175301.tmp\eld1.exe
Parent process: CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp
User:
admin
Company:
Telegram FZ-LLC
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-g34x175301.tmp\eld1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 32
CMD: powershell -Command "Add-MpPreferencaO68a1aO68a1 -ExclusionPath \"C:\Users\admin\AppData\Local\Temp\nsc690F.tmp\""
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process: Grannies.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 144
CMD: "C:\Program Files (x86)\Creationists\satiric.exe"
Path: C:\Program Files (x86)\Creationists\satiric.exe
Parent process: Grannies.exe
User:
admin
Company:
NirSoft
Integrity Level:
HIGH
Description:
SoundVolumeView
Exit code:
0
Version:
2.26
Modules
Images
c:\program files (x86)\creationists\satiric.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 272
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 684
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7776,i,1565264134983572760,3068057003449102779,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7832 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 752
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6028,i,1565264134983572760,3068057003449102779,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 1116
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4448,i,1565264134983572760,3068057003449102779,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1200
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1352
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=5132,i,1565264134983572760,3068057003449102779,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1400
CMD: "C:\Users\admin\AppData\Local\Temp\is-TPCHB5A4WV.tmp\CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp" /SL5="$D021E,893440,893440,C:\Users\admin\Desktop\CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-TPCHB5A4WV.tmp\CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.tmp
Parent process: CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1054.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-tpchb5a4wv.tmp\capcut pro 8 1 1 3417 crack for pc free download 2026.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
Total events
60 274
Read events
60 094
Write events
169
Delete events
11

Modification events

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Downloads\chromium_build 1.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Downloads\CapCut Pro 8 1 1 3417 Crack For PC Free Download 2026.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (8912) powershell.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (8912) powershell.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Executable files
1
Suspicious files
26
Text files
226
Unknown types
413

Dropped files

PID
Process
Filename
Type
PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e5409.TMP
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e5419.TMP
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e5419.TMP
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e5429.TMP
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e5419.TMP
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 8504
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
347
TCP/UDP connections
218
DNS requests
176
Threats
46

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6472
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:zcRuvh5PCoH8G0RmpPXzXxA5_wVHogjLBvH06fIdS1k&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
6472
msedge.exe
GET
200
107.161.175.49:443
https://crackhow4.com/wp-content/boost-cache/static/1bb9837418.min.js
unknown
binary
9.82 Kb
unknown
6472
msedge.exe
GET
200
172.66.171.172:443
https://static.addtoany.com/menu/page.js
unknown
binary
3.38 Kb
unknown
6472
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
unknown
binary
4.30 Kb
whitelisted
6472
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
unknown
binary
295 b
whitelisted
6472
msedge.exe
GET
200
107.161.175.49:443
https://crackhow4.com/
unknown
binary
167 Kb
unknown
6472
msedge.exe
GET
200
13.107.246.44:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
unknown
binary
82 b
whitelisted
6472
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
unknown
binary
25 b
whitelisted
6472
msedge.exe
GET
200
107.161.175.49:443
https://crackhow4.com/wp-content/boost-cache/static/1bb9837418.min.js
unknown
binary
9.82 Kb
unknown
6472
msedge.exe
GET
200
107.161.175.49:443
https://crackhow4.com/wp-includes/js/wp-emoji-release.min.js?ver=6.9.1
unknown
binary
22.2 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
4468
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4948
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6472
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
6472
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6472
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6472
msedge.exe
107.161.175.49:443
crackhow4.com
YOTTASRC
SA
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
  • 40.127.240.158
whitelisted
self.events.data.microsoft.com
  • 20.189.173.18
  • 13.69.109.131
whitelisted
google.com
  • 216.58.206.46
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
crackhow4.com
  • 107.161.175.49
unknown
api.edgeoffer.microsoft.com
  • 13.107.246.44
  • 13.107.213.44
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
www.bing.com
  • 92.123.104.57
  • 92.123.104.56
  • 92.123.104.61
  • 92.123.104.62
  • 92.123.104.52
  • 92.123.104.50
  • 92.123.104.58
  • 92.123.104.59
  • 92.123.104.54
  • 92.123.104.31
  • 92.123.104.24
  • 92.123.104.23
  • 92.123.104.37
  • 92.123.104.34
  • 92.123.104.21
  • 92.123.104.19
  • 92.123.104.20
  • 92.123.104.32
  • 92.123.104.26
  • 92.123.104.33
  • 92.123.104.18
  • 92.123.104.17
  • 92.123.104.16
  • 92.123.104.30
whitelisted

Threats

PID
Process
Class
Message
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image Sharing Service (imgur.com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image Sharing Service (imgur.com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image Sharing Service (imgur.com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image Sharing Service (imgur.com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Process
Message
Bend.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
mmc.exe
Constructor: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe
OnInitialize: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe
AddIcons: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe
ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn