URL: https://onedrive.live.com/download?resid=BFAA1D21F286B84F%21231&authkey=!AIb_mfn2J2A0908

Full analysis: https://app.any.run/tasks/6673243b-496d-4c6d-a0e1-ee0934510c40
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: October 19, 2023, 09:54:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MD5: 41BD3A990119681C7EA20A182EB69611
SHA1: 59556AECDC7D55C8D55C6447E2CE65FA34DD9E96
SHA256: 394396ADA01713A4D40C41C507C826E9FFB7796E12B08BFAC5CB677765D04CD6
SSDEEP: 3:N8Ck3CTwKbQ1YpJAEG4pEdDFn:2CkST/QlEG4pEdh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • MicrosoftEdgeUpdate.exe (PID: 3976)
      • MicrosoftEdgeUpdate.exe (PID: 2680)
      • MicrosoftEdgeUpdate.exe (PID: 3516)
      • MicrosoftEdgeUpdate.exe (PID: 1396)
      • MicrosoftEdgeUpdate.exe (PID: 1928)
      • MicrosoftEdgeUpdate.exe (PID: 1164)
      • MicrosoftEdgeUpdate.exe (PID: 3792)
      • MicrosoftEdgeUpdate.exe (PID: 940)
    • Application was dropped or rewritten from another process

      • MicrosoftEdgeUpdate.exe (PID: 3976)
      • MicrosoftEdgeUpdateSetup.exe (PID: 3028)
      • MicrosoftEdgeUpdate.exe (PID: 2680)
      • setup.exe (PID: 3992)
      • setup.exe (PID: 3708)
      • MicrosoftEdgeSetup.exe (PID: 548)
    • Drops the executable file immediately after the start

      • MicrosoftEdgeUpdateSetup.exe (PID: 3028)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 1860)
      • setup.exe (PID: 3992)
      • MicrosoftEdgeSetup.exe (PID: 548)
    • Changes the autorun value in the registry

      • setup.exe (PID: 3992)
    • Creates a writable file in the system directory

      • MicrosoftEdgeUpdate.exe (PID: 940)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • iexplore.exe (PID: 4068)
      • iexplore.exe (PID: 3628)
      • MicrosoftEdgeUpdateSetup.exe (PID: 3028)
      • MicrosoftEdgeUpdate.exe (PID: 2680)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 1860)
      • setup.exe (PID: 3992)
      • MicrosoftEdgeSetup.exe (PID: 548)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2680)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 3516)
      • setup.exe (PID: 3992)
    • Creates a software uninstall entry

      • MicrosoftEdgeUpdate.exe (PID: 2680)
      • setup.exe (PID: 3992)
    • Reads the Internet Settings

      • MicrosoftEdgeUpdate.exe (PID: 1396)
    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 1396)
      • MicrosoftEdgeUpdate.exe (PID: 3792)
      • MicrosoftEdgeUpdate.exe (PID: 940)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 1396)
    • Executes as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 3792)
    • Reads settings of System Certificates

      • MicrosoftEdgeUpdate.exe (PID: 1396)
    • Searches for installed software

      • setup.exe (PID: 3992)
    • Application launched itself

      • setup.exe (PID: 3992)
      • MicrosoftEdgeUpdate.exe (PID: 3792)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3628)
      • chrome.exe (PID: 3456)
      • msedge.exe (PID: 3216)
    • Checks supported languages

      • MicrosoftEdgeUpdate.exe (PID: 3976)
      • MicrosoftEdgeUpdateSetup.exe (PID: 3028)
      • MicrosoftEdgeUpdate.exe (PID: 2680)
      • MicrosoftEdgeUpdate.exe (PID: 1928)
      • MicrosoftEdgeUpdate.exe (PID: 3516)
      • MicrosoftEdgeUpdate.exe (PID: 1396)
      • MicrosoftEdgeUpdate.exe (PID: 1164)
      • MicrosoftEdgeUpdate.exe (PID: 3792)
      • wmpnscfg.exe (PID: 2084)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 1860)
      • setup.exe (PID: 3992)
      • setup.exe (PID: 3708)
      • MicrosoftEdgeSetup.exe (PID: 548)
      • MicrosoftEdgeUpdate.exe (PID: 940)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 3976)
      • wmpnscfg.exe (PID: 2084)
      • setup.exe (PID: 3992)
    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 3976)
      • MicrosoftEdgeUpdate.exe (PID: 2680)
      • MicrosoftEdgeUpdate.exe (PID: 1928)
      • MicrosoftEdgeUpdate.exe (PID: 3516)
      • MicrosoftEdgeUpdate.exe (PID: 1396)
      • MicrosoftEdgeUpdate.exe (PID: 1164)
      • MicrosoftEdgeUpdate.exe (PID: 3792)
      • wmpnscfg.exe (PID: 2084)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 1860)
      • setup.exe (PID: 3992)
      • setup.exe (PID: 3708)
      • MicrosoftEdgeUpdate.exe (PID: 940)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3628)
      • chrome.exe (PID: 4000)
      • chrome.exe (PID: 3180)
      • chrome.exe (PID: 3240)
      • MicrosoftEdgeSetup.exe (PID: 548)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 4068)
      • iexplore.exe (PID: 3628)
    • Manual execution by a user

      • MicrosoftEdgeSetup.exe (PID: 548)
      • explorer.exe (PID: 3352)
      • chrome.exe (PID: 3456)
      • wmpnscfg.exe (PID: 2084)
      • msedge.exe (PID: 3216)
    • Creates files in the program directory

      • MicrosoftEdgeUpdateSetup.exe (PID: 3028)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 1860)
      • setup.exe (PID: 3992)
      • setup.exe (PID: 3708)
    • Creates files in a temporary directory

      • MicrosoftEdgeUpdate.exe (PID: 1396)
      • MicrosoftEdgeSetup.exe (PID: 548)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 1396)
      • MicrosoftEdgeUpdate.exe (PID: 940)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 1396)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 94
Monitored processes: 49
Malicious processes: 8
Suspicious processes: 3

Behavior graph

[Behavior graph (interactive in the full report): process tree covering iexplore.exe, explorer.exe, microsoftedgesetup.exe, microsoftedgeupdatesetup.exe, microsoftedgeupdate.exe, microsoftedge_x86_109.0.1518.140.exe, setup.exe, wmpnscfg.exe, chrome.exe and msedge.exe; "drop and start" edges link the setup stages.]

Process information

PID
CMD
Path
Indicators
Parent process
PID:
124
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1604 --field-trial-handle=1416,i,14309353162539354304,5276070041095843227,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
528
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3808 --field-trial-handle=1080,i,857352444669084511,16653761747266058087,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
548
CMD:
"C:\Users\admin\Downloads\MicrosoftEdgeSetup.exe"
Path:
C:\Users\admin\Downloads\MicrosoftEdgeSetup.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.177.11
Modules
Images
c:\users\admin\downloads\microsoftedgesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\user32.dll
PID:
612
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1224 --field-trial-handle=1416,i,14309353162539354304,5276070041095843227,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
940
CMD:
"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded update ping request argument omitted; partially lost during extraction]
Path:
C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.175.29
Modules
Images
c:\program files\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
PID:
1164
CMD:
"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installsource taggedmi /sessionid "{ED53911B-0A70-4636-A64D-03C885E62C84}"
Path:
C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.175.29
Modules
Images
c:\program files\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
PID:
1396
CMD:
"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded update ping request argument omitted]
Path:
C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.175.29
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
PID:
1580
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1080,i,857352444669084511,16653761747266058087,131072 /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1736
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1080,i,857352444669084511,16653761747266058087,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
1768
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2392 --field-trial-handle=1416,i,14309353162539354304,5276070041095843227,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
Total events: 45 047
Read events: 41 723
Write events: 3 200
Delete events: 124

Modification events

(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value:
0
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (3628) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
Executable files: 378
Suspicious files: 163
Text files: 108
Unknown types: 1

Dropped files

PID
Process
Filename
Type
PID: 4068
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Type: binary
MD5: EA5D2E6FAF7492AB1981AD9711AF4E13
SHA256: A29D9108FE9737CF89DE765E2396D8C17CACD74A1C10D243F6C806A96AF70EEE
PID: 3628
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
PID: 3628
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: binary
MD5: 6892E17E182D71D14098D9F2EA661935
SHA256: 5FF6C2DD6815512A3705E46E8ADC227BE1CC29D4BA88F3059634B1670B596580
PID: 4068
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: compressed
MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
PID: 4068
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q904LVLY.txt
Type: text
MD5: B64338912BD38D0F410B4E67A0E4D041
SHA256: FF69991543DA1FE3188454D235398F08477AECE054E9FCEA3C7717C5D941188B
PID: 3628
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
Type: image
MD5: 604ADFB53677B5CA4F910FFB131B3E7C
SHA256: 24638331466A52BB66F912090E7A9CC9E3DF2236E39C187C9409104526B472B0
PID: 4068
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\download[1].htm
Type: html
MD5: F8BD9F01F5F9F7145F6F133C98EEEDFB
SHA256: C395133175D9E7535EA2A6336C91D2A504F915CC061ED2B601BF3DA663A7E271
PID: 4068
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Type: binary
MD5: 6718CCA5E3D88E9F7520CC226CA98BFA
SHA256: B0303660B025E1397AFEA6CBD99B5A029FC81BDF631E5E9D72E2C80BB466CB67
PID: 4068
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\main[1].png
Type: image
MD5: 8D20CB2E557FDD5F321E3C62C0933A49
SHA256: 68BA43E5B3B5B8656888FBFACFF588C9294A0A100667591BC69488130772DAFD
PID: 3628
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
HTTP(S) requests: 20
TCP/UDP connections: 90
DNS requests: 91
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
864
svchost.exe
HEAD
200
72.21.81.200:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d87a3bbd-7fe5-4ec3-b806-293cca78b363?P1=1698314147&P2=404&P3=2&P4=kb5PIHxZZQIMInv5rzjiJkM8V5iWu7owX62i5Q%2bZ%2bC4KG6keFwX3m3q8%2bVxGMrFCY4J7IAdYwoxXYaaT%2f0DPFg%3d%3d
unknown
unknown
864
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lupiny7yislomoehzmx7s4it3m_416/lmelglejhemejginpboagddgdfbepgmp_416_all_ZZ_oeq4jxbunskia2mw2t677iisi4.crx3
unknown
unknown
4068
iexplore.exe
GET
200
67.26.83.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f8f3bf607e1d79ae
unknown
compressed
4.66 Kb
unknown
4068
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D
unknown
binary
471 b
unknown
4068
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
der
471 b
unknown
4068
iexplore.exe
GET
200
8.241.11.126:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8f869686e34b7eef
unknown
compressed
4.66 Kb
unknown
4068
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
binary
471 b
unknown
4068
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
binary
471 b
unknown
3628
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
313 b
unknown
4068
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4068
iexplore.exe
13.107.43.13:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2656
svchost.exe
239.255.255.250:1900
whitelisted
4068
iexplore.exe
8.241.11.126:80
ctldl.windowsupdate.com
LEVEL3
US
unknown
4068
iexplore.exe
67.26.83.254:80
ctldl.windowsupdate.com
LEVEL3
US
unknown
4068
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4068
iexplore.exe
20.101.246.164:443
p.sfx.ms
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3628
iexplore.exe
20.101.246.164:443
p.sfx.ms
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3628
iexplore.exe
23.36.162.87:443
www.bing.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 8.241.11.126
  • 8.248.149.254
  • 8.253.207.120
  • 67.27.158.254
  • 67.26.83.254
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
p.sfx.ms
  • 20.101.246.164
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 23.36.162.87
  • 23.36.162.84
  • 23.36.162.82
  • 23.36.162.83
  • 23.36.162.80
  • 23.36.162.85
  • 23.36.162.86
  • 23.36.162.79
  • 23.36.162.78
  • 23.36.162.71
  • 23.36.162.75
  • 23.36.162.76
  • 23.36.162.68
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
ajax.aspnetcdn.com
  • 152.199.19.160
whitelisted
edgestatic.azureedge.net
  • 13.107.213.64
  • 13.107.246.64
unknown
go.microsoft.com
  • 23.35.230.74
  • 23.35.234.120
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 8.253.95.117
  • 67.27.157.124
  • 67.27.159.252
whitelisted

Threats

PID
Process
Class
Message
864
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info