File name: nokia-pc-suite_hisW-D1.exe

Full analysis: https://app.any.run/tasks/b81f90dd-f751-45d3-a7e1-19d9c7978979
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 19, 2024, 07:39:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
adware
innosetup
loader
netreactor
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: 76AFABC610F93883D3529189C616E7CB
SHA1: 72F16AA25C1A6675A52EE9BC9478DD19E1ECD57C
SHA256: 41C883F189814B2FC3DE26E6DF294314A188D9B980BB506C6AD9176BAA03A41B
SSDEEP: 98304:z46Gl58nHBsJM61A/tcTt4x57XQ1LVUY7gnInf8Z64ujWZvOiL/qaui0tPDfo+tC:U6+BNA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • ggm32mmo.exe (PID: 6872)
      • 7za.exe (PID: 5944)
      • UnifiedStub-installer.exe (PID: 7772)
      • 7za.exe (PID: 8096)
    • INNOSETUP has been detected (SURICATA)

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Actions look like stealing of personal data

      • UnifiedStub-installer.exe (PID: 7772)
      • rsEngineSvc.exe (PID: 4976)
    • Creates a writable file in the system directory

      • UnifiedStub-installer.exe (PID: 7772)
      • rsEDRSvc.exe (PID: 7552)
    • Changes the autorun value in the registry

      • rundll32.exe (PID: 5820)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • ggm32mmo.exe (PID: 6872)
      • UnifiedStub-installer.exe (PID: 7772)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
    • Reads security settings of Internet Explorer

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEDRSvc.exe (PID: 4880)
    • Reads the date of Windows installation

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • rsEDRSvc.exe (PID: 7552)
    • Reads the Windows owner or organization settings

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Access to an unwanted program domain was detected

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Potential Corporate Privacy Violation

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Process requests binary or script from the Internet

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Executes application which crashes

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Drops 7-zip archiver for unpacking

      • ggm32mmo.exe (PID: 6872)
      • 7za.exe (PID: 8096)
    • Process drops legitimate windows executable

      • ggm32mmo.exe (PID: 6872)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
      • UnifiedStub-installer.exe (PID: 7772)
    • Searches for installed software

      • UnifiedStub-installer.exe (PID: 7772)
    • Creates a software uninstall entry

      • UnifiedStub-installer.exe (PID: 7772)
    • Executes as Windows Service

      • rsSyncSvc.exe (PID: 6576)
      • rsClientSvc.exe (PID: 1284)
      • rsWSC.exe (PID: 6952)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 7552)
    • The process drops C-runtime libraries

      • 7za.exe (PID: 8096)
      • UnifiedStub-installer.exe (PID: 7772)
    • Drops a system driver (possible attempt to evade defenses)

      • UnifiedStub-installer.exe (PID: 7772)
      • 7za.exe (PID: 8096)
    • Creates files in the driver directory

      • UnifiedStub-installer.exe (PID: 7772)
    • The process creates files with name similar to system file names

      • 7za.exe (PID: 8096)
    • Creates or modifies Windows services

      • UnifiedStub-installer.exe (PID: 7772)
      • rundll32.exe (PID: 5820)
    • Uses RUNDLL32.EXE to load library

      • UnifiedStub-installer.exe (PID: 7772)
    • Checks Windows Trust Settings

      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
      • rsEngineSvc.exe (PID: 4976)
      • rsWSC.exe (PID: 6952)
    • Adds/modifies Windows certificates

      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • UnifiedStub-installer.exe (PID: 7772)
    • Reads the BIOS version

      • rsEDRSvc.exe (PID: 7552)
    • Dropped object may contain URLs of mining pools

      • rsEngineSvc.exe (PID: 4976)
    • Process checks whether PowerShell's Script Block Logging is on

      • rsEDRSvc.exe (PID: 7552)
  • INFO

    • Manual execution by a user

      • WinRAR.exe (PID: 2768)
      • WinRAR.exe (PID: 7604)
      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • msedge.exe (PID: 1764)
    • Checks supported languages

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • nokia-pc-suite.exe (PID: 6384)
      • identity_helper.exe (PID: 5804)
      • ggm32mmo.exe (PID: 6872)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsSyncSvc.exe (PID: 5536)
      • identity_helper.exe (PID: 6980)
      • 7za.exe (PID: 5944)
      • rsSyncSvc.exe (PID: 6576)
      • 7za.exe (PID: 8096)
      • rsWSC.exe (PID: 2324)
      • rsClientSvc.exe (PID: 1284)
      • rsClientSvc.exe (PID: 7612)
      • rsEngineSvc.exe (PID: 5364)
      • rsWSC.exe (PID: 6952)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
      • rsHelper.exe (PID: 4392)
    • Creates files in a temporary directory

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • nokia-pc-suite.exe (PID: 6384)
      • ggm32mmo.exe (PID: 6872)
      • UnifiedStub-installer.exe (PID: 7772)
    • Reads the computer name

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • nokia-pc-suite.exe (PID: 6384)
      • identity_helper.exe (PID: 5804)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsSyncSvc.exe (PID: 5536)
      • rsSyncSvc.exe (PID: 6576)
      • identity_helper.exe (PID: 6980)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
      • rsWSC.exe (PID: 2324)
      • rsClientSvc.exe (PID: 7612)
      • rsClientSvc.exe (PID: 1284)
      • rsEngineSvc.exe (PID: 5364)
      • rsWSC.exe (PID: 6952)
      • rsEDRSvc.exe (PID: 4880)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 7552)
      • rsHelper.exe (PID: 4392)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 7604)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7604)
    • Process checks computer location settings

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
    • Checks proxy server information

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
    • Reads the machine GUID from the registry

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsWSC.exe (PID: 6952)
      • rsEngineSvc.exe (PID: 5364)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
      • rsHelper.exe (PID: 4392)
    • Reads the software policy settings

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsEDRSvc.exe (PID: 4880)
      • rsEngineSvc.exe (PID: 5364)
      • rsEDRSvc.exe (PID: 7552)
      • rsWSC.exe (PID: 6952)
      • rsEngineSvc.exe (PID: 4976)
    • Reads Environment values

      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsEDRSvc.exe (PID: 7552)
      • rsEngineSvc.exe (PID: 4976)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6288)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • msedge.exe (PID: 1764)
      • msedge.exe (PID: 4504)
    • Creates files in the program directory

      • nokia-pc-suite.exe (PID: 6384)
      • UnifiedStub-installer.exe (PID: 7772)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEDRSvc.exe (PID: 4880)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 7552)
    • Application launched itself

      • msedge.exe (PID: 6288)
      • msedge.exe (PID: 1764)
      • msedge.exe (PID: 4504)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 3024)
      • WerFault.exe (PID: 6640)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
    • Disables trace logs

      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsEDRSvc.exe (PID: 7552)
      • rsEngineSvc.exe (PID: 4976)
    • .NET Reactor protector has been detected

      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 6952)
    • Reads the time zone

      • runonce.exe (PID: 7764)
      • rsEDRSvc.exe (PID: 7552)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 7764)
    • Reads CPU info

      • rsEDRSvc.exe (PID: 7552)
    • Reads product name

      • rsEDRSvc.exe (PID: 7552)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:07:19 09:39:06
ZipCRC: 0x9724c365
ZipCompressedSize: 1956636
ZipUncompressedSize: 1956636
ZipFileName: AVSamples.zip
No data.
All screenshots are available in the full report
Total processes: 220
Monitored processes: 85
Malicious processes: 12
Suspicious processes: 0

Behavior graph

Process nodes in graph order, with the report's own annotations kept ("no specs", THREAT, #INNOSETUP); runs of identical nodes are collapsed with a count:

start, winrar.exe (no specs) ×2, winrar.exe, slui.exe (no specs), nokia-pc-suite_hisw-d1.exe, nokia-pc-suite_hisw-d1.tmp (no specs), nokia-pc-suite_hisw-d1.exe [#INNOSETUP], nokia-pc-suite_hisw-d1.tmp, prod0.exe, nokia-pc-suite.exe (no specs), msedge.exe (no specs) ×4, msedge.exe, msedge.exe (no specs) ×2, msedge.exe, msedge.exe (no specs) ×4, werfault.exe (no specs), msedge.exe (no specs) ×4, werfault.exe (no specs), msedge.exe (no specs) ×2, identity_helper.exe (no specs) ×2, msedge.exe (no specs) ×5, ggm32mmo.exe [THREAT], unifiedstub-installer.exe, rssyncsvc.exe (no specs), conhost.exe (no specs), rssyncsvc.exe (no specs), msedge.exe (no specs), msedge.exe, msedge.exe (no specs) ×2, msedge.exe, msedge.exe (no specs) ×2, identity_helper.exe (no specs) ×2, msedge.exe (no specs) ×5, 7za.exe, conhost.exe (no specs), msedge.exe (no specs) ×3, 7za.exe, conhost.exe (no specs), rundll32.exe, runonce.exe (no specs), grpconv.exe (no specs), wevtutil.exe (no specs), conhost.exe (no specs), fltmc.exe (no specs), conhost.exe (no specs), wevtutil.exe (no specs), conhost.exe (no specs), rswsc.exe [THREAT], rswsc.exe (no specs), rsclientsvc.exe (no specs), conhost.exe (no specs), rsclientsvc.exe (no specs), rsenginesvc.exe ×2, msedge.exe (no specs), rsedrsvc.exe (no specs), rsedrsvc.exe, rshelper.exe (no specs), 7za.exe (no specs), msedge.exe (no specs)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process (the Indicators column is empty for every process in this export).
PID: 908
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4896 --field-trial-handle=2340,i,14174428593473783396,1040376337560302737,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1284
CMD: "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
Path: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
Parent process: services.exe
User: SYSTEM
Company: Reason Software Company Inc.
Integrity Level: SYSTEM
Description: Reason Client Service
Version: 5.32.2
Modules (images):
c:\program files\reasonlabs\epp\rsclientsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1492
CMD: "C:\WINDOWS\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
Path: C:\Windows\System32\wevtutil.exe
Parent process: UnifiedStub-installer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Eventing Command Line Utility
Exit code: 87
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
PID: 1652
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x264,0x268,0x26c,0x260,0x240,0x7ffd9f3e5fd8,0x7ffd9f3e5fe4,0x7ffd9f3e5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1764
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://download.it/?typ=1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1792
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: rsClientSvc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1928
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2720 --field-trial-handle=2412,i,12583713613237397684,5338144414364569698,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2056
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x2fc,0x300,0x304,0x2f8,0x30c,0x7ffd9f3e5fd8,0x7ffd9f3e5fe4,0x7ffd9f3e5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2060
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3352 --field-trial-handle=2340,i,14174428593473783396,1040376337560302737,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2252
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2376 --field-trial-handle=2340,i,14174428593473783396,1040376337560302737,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 75 789
Read events: 75 405
Write events: 331
Delete events: 53

Modification events

(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\Desktop\nokia-pc-suite_hisW-D1.exe.zip
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths | Operation: write | Name: name | Value: 256
(PID) Process: (7832) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths | Operation: write | Name: size | Value: 80
Executable files: 510
Suspicious files: 268
Text files: 135
Unknown types: 7

Dropped files

PID | Process | Filename | Type
5752 | nokia-pc-suite_hisW-D1.tmp | C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\is-B2B9T.tmp | (not listed)
    MD5: (not listed) | SHA256: (not listed)
5752 | nokia-pc-suite_hisW-D1.tmp | C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\nokia-pc-suite.exe | (not listed)
    MD5: (not listed) | SHA256: (not listed)
5752 | nokia-pc-suite_hisW-D1.tmp | C:\Users\admin\Downloads\nokia-pc-suite.exe | (not listed)
    MD5: (not listed) | SHA256: (not listed)
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-669A1917-1890.pma | (not listed)
    MD5: (not listed) | SHA256: (not listed)
7604 | WinRAR.exe | C:\Users\admin\Desktop\nokia-pc-suite_hisW-D1.exe | executable
    MD5: 4CEF35CB56164E4427C8890CF5CDFD85 | SHA256: 564B8E327A13C948CEA21587245B7B0005F786EA57F62BD602EF4ECEC66171C6
5752 | nokia-pc-suite_hisW-D1.tmp | C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\Helper.dll | executable
    MD5: 4EB0347E66FA465F602E52C03E5C0B4B | SHA256: C73E53CBB7B98FEAFE27CC7DE8FDAD51DF438E2235E91891461C5123888F73CC
2336 | nokia-pc-suite_hisW-D1.exe | C:\Users\admin\AppData\Local\Temp\is-ARLES.tmp\nokia-pc-suite_hisW-D1.tmp | executable
    MD5: 02B1D8FF84BCD4EBCB01156636269B99 | SHA256: A6497DDDDD577CAEFE5A39958A604F9EE4BFE93E9DA285B147BA6FC6788E75CA
5752 | nokia-pc-suite_hisW-D1.tmp | C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\_isetup\_setup64.tmp | executable
    MD5: E4211D6D009757C078A9FAC7FF4F03D4 | SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
2768 | WinRAR.exe | C:\Users\admin\Desktop\AVSamples.zip | compressed
    MD5: 3F4D54E468D783C975976CAAF04C8BD2 | SHA256: 8E58C9B2D33FC5CEFD0B754A7BE14FACFA15135B901CB67F89DA877E32513A27
2768 | WinRAR.exe | C:\Users\admin\Desktop\README | text
    MD5: 248DB880A59ABBF05BCAC2E157C7AE91 | SHA256: 447BB1211D01F9F051BF843E3ACA4614D41A1B62B4E12349E3900D6535DFBC78
HTTP(S) requests: 27
TCP/UDP connections: 138
DNS requests: 119
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
(The Type and Size columns of the report are empty for every row and are omitted here.)
2324 | rsWSC.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQCeArDpSs6yEJyh6YNr4MLb | unknown | whitelisted
2324 | rsWSC.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQRz3ETyLz2DaZTxGOH%2BA%2BjK7MkGAQUJGWTmAgB6E7U1kzqZFXhwPr7z7MCEAeSK29bdU5YKBXAnjHx1BY%3D | unknown | whitelisted
5752 | nokia-pc-suite_hisW-D1.tmp | GET | 200 | 95.168.168.24:80 | http://dl.jalecdn.com/IT/nokia-pc-suite.exe | unknown | unknown
5364 | rsEngineSvc.exe | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBTDHsfuqfubd3pihvq4mgQVWgHWNwQUyH7SaoUqG8oZmAQHJ89QEE9oqKICEzMAAAAHh6M0o3uljhwAAAAAAAc%3D | unknown | whitelisted
5364 | rsEngineSvc.exe | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBTOQYLFSE5GO%2FpaRVfYu7d9gZEbQAQU2UEpsA8PY2zvadf1zSmepEhqMOYCEzMAAAAHN4xbodlbjNQAAAAAAAc%3D | unknown | whitelisted
5364 | rsEngineSvc.exe | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRBq81UG1MnDOVNKqff0SSEz6JuZwQU6IPEM9fcnwycdpoKptTfh6ZeWO4CEzMAATXj8%2BWM%2BdRgn3UAAAABNeM%3D | unknown | whitelisted
5800 | svchost.exe | HEAD | 200 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1721432054&P2=404&P3=2&P4=kMw4cIjzZF25p5cGuEKI%2frkQkTImjUiikyC2%2bWhZUC8Auvh9uFmlg%2fNj8vJG3dv%2bCzBkNCO5J4L0tEfPDtoDnQ%3d%3d | unknown | whitelisted
5800 | svchost.exe | GET | 206 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1721432054&P2=404&P3=2&P4=kMw4cIjzZF25p5cGuEKI%2frkQkTImjUiikyC2%2bWhZUC8Auvh9uFmlg%2fNj8vJG3dv%2bCzBkNCO5J4L0tEfPDtoDnQ%3d%3d | unknown | whitelisted
7552 | rsEDRSvc.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
5800 | svchost.exe | GET | 206 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1721432054&P2=404&P3=2&P4=kMw4cIjzZF25p5cGuEKI%2frkQkTImjUiikyC2%2bWhZUC8Auvh9uFmlg%2fNj8vJG3dv%2bCzBkNCO5J4L0tEfPDtoDnQ%3d%3d | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4336 | backgroundTaskHost.exe | 20.199.58.43:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | unknown
4032 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
7856 | svchost.exe | 4.209.32.67:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
4716 | svchost.exe | 40.126.32.72:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4336 | backgroundTaskHost.exe | 20.103.156.88:443 | fd.api.iris.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
2760 | svchost.exe | 40.115.3.253:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6500 | slui.exe | 20.83.72.98:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4716 | svchost.exe | 20.190.160.17:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP(s) | Reputation
arc.msn.com | 20.199.58.43 | whitelisted
login.live.com | 40.126.32.72, 20.190.160.17, 40.126.32.68, 40.126.32.138, 20.190.160.22, 40.126.32.134, 40.126.32.133, 40.126.32.74 | whitelisted
google.com | 142.250.186.46 | whitelisted
fd.api.iris.microsoft.com | 20.103.156.88 | whitelisted
activation-v2.sls.microsoft.com | 20.83.72.98 | whitelisted
fe3cr.delivery.mp.microsoft.com | 20.3.187.198 | whitelisted
slscr.update.microsoft.com | 20.12.23.50 | whitelisted
dns.msftncsi.com | 131.107.255.255 | whitelisted
d1e9165hyidvf5.cloudfront.net | 18.244.20.119, 18.244.20.193, 18.244.20.154, 18.244.20.27 | whitelisted
cdn.download.it | 104.22.57.224, 172.67.26.92, 104.22.56.224 | whitelisted

Threats

PID | Process | Class | Message
5752 | nokia-pc-suite_hisW-D1.tmp | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
5752 | nokia-pc-suite_hisW-D1.tmp | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer
No debug info