File name: nokia-pc-suite_hisW-D1.exe

Full analysis: https://app.any.run/tasks/b81f90dd-f751-45d3-a7e1-19d9c7978979
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 19, 2024, 07:39:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
adware
innosetup
loader
netreactor
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: 76AFABC610F93883D3529189C616E7CB
SHA1: 72F16AA25C1A6675A52EE9BC9478DD19E1ECD57C
SHA256: 41C883F189814B2FC3DE26E6DF294314A188D9B980BB506C6AD9176BAA03A41B
SSDEEP: 98304:z46Gl58nHBsJM61A/tcTt4x57XQ1LVUY7gnInf8Z64ujWZvOiL/qaui0tPDfo+tC:U6+BNA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • ggm32mmo.exe (PID: 6872)
      • UnifiedStub-installer.exe (PID: 7772)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
    • INNOSETUP has been detected (SURICATA)

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Actions look like stealing of personal data

      • UnifiedStub-installer.exe (PID: 7772)
      • rsEngineSvc.exe (PID: 4976)
    • Creates a writable file in the system directory

      • UnifiedStub-installer.exe (PID: 7772)
      • rsEDRSvc.exe (PID: 7552)
    • Changes the autorun value in the registry

      • rundll32.exe (PID: 5820)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • ggm32mmo.exe (PID: 6872)
      • UnifiedStub-installer.exe (PID: 7772)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
    • Reads security settings of Internet Explorer

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEDRSvc.exe (PID: 4880)
    • Reads the date of Windows installation

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • rsEDRSvc.exe (PID: 7552)
    • Reads the Windows owner or organization settings

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Potential Corporate Privacy Violation

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Access to an unwanted program domain was detected

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Executes application which crashes

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Process requests binary or script from the Internet

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
    • Process drops legitimate windows executable

      • ggm32mmo.exe (PID: 6872)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
      • UnifiedStub-installer.exe (PID: 7772)
    • Drops 7-zip archiver for unpacking

      • ggm32mmo.exe (PID: 6872)
      • 7za.exe (PID: 8096)
    • Executes as Windows Service

      • rsSyncSvc.exe (PID: 6576)
      • rsWSC.exe (PID: 6952)
      • rsClientSvc.exe (PID: 1284)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 7552)
    • Searches for installed software

      • UnifiedStub-installer.exe (PID: 7772)
    • Creates a software uninstall entry

      • UnifiedStub-installer.exe (PID: 7772)
    • Creates or modifies Windows services

      • rundll32.exe (PID: 5820)
      • UnifiedStub-installer.exe (PID: 7772)
    • Drops a system driver (possible attempt to evade defenses)

      • 7za.exe (PID: 8096)
      • UnifiedStub-installer.exe (PID: 7772)
    • The process drops C-runtime libraries

      • 7za.exe (PID: 8096)
      • UnifiedStub-installer.exe (PID: 7772)
    • The process creates files with name similar to system file names

      • 7za.exe (PID: 8096)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • UnifiedStub-installer.exe (PID: 7772)
    • Creates files in the driver directory

      • UnifiedStub-installer.exe (PID: 7772)
    • Uses RUNDLL32.EXE to load library

      • UnifiedStub-installer.exe (PID: 7772)
    • Checks Windows Trust Settings

      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
      • rsWSC.exe (PID: 6952)
      • rsEngineSvc.exe (PID: 4976)
    • Adds/modifies Windows certificates

      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
    • Process checks whether PowerShell's Script Block Logging is on

      • rsEDRSvc.exe (PID: 7552)
    • Reads the BIOS version

      • rsEDRSvc.exe (PID: 7552)
    • Dropped object may contain URLs of miners' pools

      • rsEngineSvc.exe (PID: 4976)
  • INFO

    • Manual execution by a user

      • WinRAR.exe (PID: 7604)
      • WinRAR.exe (PID: 2768)
      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • msedge.exe (PID: 1764)
    • Checks supported languages

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • nokia-pc-suite.exe (PID: 6384)
      • identity_helper.exe (PID: 5804)
      • ggm32mmo.exe (PID: 6872)
      • UnifiedStub-installer.exe (PID: 7772)
      • identity_helper.exe (PID: 6980)
      • rsSyncSvc.exe (PID: 5536)
      • rsSyncSvc.exe (PID: 6576)
      • 7za.exe (PID: 8096)
      • 7za.exe (PID: 5944)
      • rsWSC.exe (PID: 2324)
      • rsWSC.exe (PID: 6952)
      • rsClientSvc.exe (PID: 7612)
      • rsClientSvc.exe (PID: 1284)
      • rsEngineSvc.exe (PID: 5364)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
      • rsHelper.exe (PID: 4392)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7604)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 7604)
    • Create files in a temporary directory

      • nokia-pc-suite_hisW-D1.exe (PID: 3128)
      • nokia-pc-suite_hisW-D1.exe (PID: 2336)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • nokia-pc-suite.exe (PID: 6384)
      • ggm32mmo.exe (PID: 6872)
      • UnifiedStub-installer.exe (PID: 7772)
    • Reads the computer name

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • nokia-pc-suite.exe (PID: 6384)
      • identity_helper.exe (PID: 5804)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsSyncSvc.exe (PID: 5536)
      • identity_helper.exe (PID: 6980)
      • rsSyncSvc.exe (PID: 6576)
      • 7za.exe (PID: 8096)
      • 7za.exe (PID: 5944)
      • rsWSC.exe (PID: 6952)
      • rsClientSvc.exe (PID: 7612)
      • rsClientSvc.exe (PID: 1284)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 7552)
      • rsEDRSvc.exe (PID: 4880)
      • rsHelper.exe (PID: 4392)
    • Process checks computer location settings

      • nokia-pc-suite_hisW-D1.tmp (PID: 7236)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
    • Reads the machine GUID from the registry

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsWSC.exe (PID: 6952)
      • rsEngineSvc.exe (PID: 5364)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
      • rsHelper.exe (PID: 4392)
    • Reads the software policy settings

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
      • rsEngineSvc.exe (PID: 4976)
      • rsWSC.exe (PID: 6952)
    • Checks proxy server information

      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
    • Reads Environment values

      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsEDRSvc.exe (PID: 7552)
      • rsEngineSvc.exe (PID: 4976)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6288)
      • nokia-pc-suite_hisW-D1.tmp (PID: 5752)
      • msedge.exe (PID: 1764)
      • msedge.exe (PID: 4504)
    • Creates files in the program directory

      • nokia-pc-suite.exe (PID: 6384)
      • UnifiedStub-installer.exe (PID: 7772)
      • 7za.exe (PID: 5944)
      • 7za.exe (PID: 8096)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
      • rsEngineSvc.exe (PID: 4976)
      • rsEDRSvc.exe (PID: 4880)
      • rsEDRSvc.exe (PID: 7552)
    • Application launched itself

      • msedge.exe (PID: 6288)
      • msedge.exe (PID: 1764)
      • msedge.exe (PID: 4504)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 3024)
      • WerFault.exe (PID: 6640)
      • rsWSC.exe (PID: 2324)
      • rsEngineSvc.exe (PID: 5364)
    • Disables trace logs

      • prod0.exe (PID: 6192)
      • UnifiedStub-installer.exe (PID: 7772)
      • rsEDRSvc.exe (PID: 7552)
      • rsEngineSvc.exe (PID: 4976)
    • .NET Reactor protector has been detected

      • UnifiedStub-installer.exe (PID: 7772)
      • rsWSC.exe (PID: 6952)
    • Reads the time zone

      • runonce.exe (PID: 7764)
      • rsEDRSvc.exe (PID: 7552)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 7764)
    • Reads product name

      • rsEDRSvc.exe (PID: 7552)
    • Reads CPU info

      • rsEDRSvc.exe (PID: 7552)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:07:19 09:39:06
ZipCRC: 0x9724c365
ZipCompressedSize: 1956636
ZipUncompressedSize: 1956636
ZipFileName: AVSamples.zip
No data.
All screenshots are available in the full report
Total processes: 220
Monitored processes: 85
Malicious processes: 12
Suspicious processes: 0

Behavior graph

start winrar.exe no specs winrar.exe no specs winrar.exe slui.exe no specs nokia-pc-suite_hisw-d1.exe nokia-pc-suite_hisw-d1.tmp no specs nokia-pc-suite_hisw-d1.exe #INNOSETUP nokia-pc-suite_hisw-d1.tmp prod0.exe nokia-pc-suite.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs werfault.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs werfault.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs ggm32mmo.exe THREAT unifiedstub-installer.exe rssyncsvc.exe no specs conhost.exe no specs rssyncsvc.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs 7za.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs 7za.exe conhost.exe no specs rundll32.exe runonce.exe no specs grpconv.exe no specs wevtutil.exe no specs conhost.exe no specs fltmc.exe no specs conhost.exe no specs wevtutil.exe no specs conhost.exe no specs rswsc.exe THREAT rswsc.exe no specs rsclientsvc.exe no specs conhost.exe no specs rsclientsvc.exe no specs rsenginesvc.exe rsenginesvc.exe msedge.exe no specs rsedrsvc.exe no specs rsedrsvc.exe rshelper.exe no specs 7za.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 908
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4896 --field-trial-handle=2340,i,14174428593473783396,1040376337560302737,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1284
CMD: "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
Path: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
Parent process: services.exe
User: SYSTEM
Company: Reason Software Company Inc.
Integrity Level: SYSTEM
Description: Reason Client Service
Version: 5.32.2
Modules
Images
c:\program files\reasonlabs\epp\rsclientsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1492
CMD: "C:\WINDOWS\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
Path: C:\Windows\System32\wevtutil.exe
Parent process: UnifiedStub-installer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Eventing Command Line Utility
Exit code: 87
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
PID: 1652
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x264,0x268,0x26c,0x260,0x240,0x7ffd9f3e5fd8,0x7ffd9f3e5fe4,0x7ffd9f3e5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1764
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://download.it/?typ=1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1792
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: rsClientSvc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1928
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2720 --field-trial-handle=2412,i,12583713613237397684,5338144414364569698,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2056
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x2fc,0x300,0x304,0x2f8,0x30c,0x7ffd9f3e5fd8,0x7ffd9f3e5fe4,0x7ffd9f3e5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2060
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3352 --field-trial-handle=2340,i,14174428593473783396,1040376337560302737,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2252
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2376 --field-trial-handle=2340,i,14174428593473783396,1040376337560302737,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 75 789
Read events: 75 405
Write events: 331
Delete events: 53

Modification events

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\nokia-pc-suite_hisW-D1.exe.zip

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: name
Value: 256

(PID) Process: (7832) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: size
Value: 80
Executable files: 510
Suspicious files: 268
Text files: 135
Unknown types: 7

Dropped files

PID
Process
Filename
Type
PID: 5752
Process: nokia-pc-suite_hisW-D1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\is-B2B9T.tmp
Type:
MD5:
SHA256:

PID: 5752
Process: nokia-pc-suite_hisW-D1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\nokia-pc-suite.exe
Type:
MD5:
SHA256:

PID: 5752
Process: nokia-pc-suite_hisW-D1.tmp
Filename: C:\Users\admin\Downloads\nokia-pc-suite.exe
Type:
MD5:
SHA256:

PID: 6288
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-669A1917-1890.pma
Type:
MD5:
SHA256:

PID: 2336
Process: nokia-pc-suite_hisW-D1.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-ARLES.tmp\nokia-pc-suite_hisW-D1.tmp
Type: executable
MD5: 02B1D8FF84BCD4EBCB01156636269B99
SHA256: A6497DDDDD577CAEFE5A39958A604F9EE4BFE93E9DA285B147BA6FC6788E75CA

PID: 5752
Process: nokia-pc-suite_hisW-D1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 5752
Process: nokia-pc-suite_hisW-D1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\is-51REH.tmp
Type: image
MD5: 3136163026C7C1376B2917B3FF1AC623
SHA256: 8C174CC71F9F5E2DC353981F2F2D93E86E99ABDD25E725296B144E857AFC2317

PID: 2768
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\AVSamples.zip
Type: compressed
MD5: 3F4D54E468D783C975976CAAF04C8BD2
SHA256: 8E58C9B2D33FC5CEFD0B754A7BE14FACFA15135B901CB67F89DA877E32513A27

PID: 5752
Process: nokia-pc-suite_hisW-D1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\loader.gif
Type: image
MD5: 12D7FD91A06CEE2D0E76ABE0485036EE
SHA256: A6192B9A3FA5DB9917AEF72D651B7AD8FD8CCB9B53F3AD99D7C46701D00C78CB

PID: 5752
Process: nokia-pc-suite_hisW-D1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-RC0A2.tmp\is-1AMU1.tmp
Type: image
MD5: CD09F361286D1AD2622BA8A57B7613BD
SHA256: B92A31D4853D1B2C4E5B9D9624F40B439856D0C6A517E100978CBDE8D3C47DC8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 27
TCP/UDP connections: 138
DNS requests: 119
Threats: 2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5752
nokia-pc-suite_hisW-D1.tmp
GET
200
95.168.168.24:80
http://dl.jalecdn.com/IT/nokia-pc-suite.exe
unknown
unknown
2324
rsWSC.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQCeArDpSs6yEJyh6YNr4MLb
unknown
whitelisted
2324
rsWSC.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQRz3ETyLz2DaZTxGOH%2BA%2BjK7MkGAQUJGWTmAgB6E7U1kzqZFXhwPr7z7MCEAeSK29bdU5YKBXAnjHx1BY%3D
unknown
whitelisted
5364
rsEngineSvc.exe
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBTDHsfuqfubd3pihvq4mgQVWgHWNwQUyH7SaoUqG8oZmAQHJ89QEE9oqKICEzMAAAAHh6M0o3uljhwAAAAAAAc%3D
unknown
whitelisted
5364
rsEngineSvc.exe
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBTOQYLFSE5GO%2FpaRVfYu7d9gZEbQAQU2UEpsA8PY2zvadf1zSmepEhqMOYCEzMAAAAHN4xbodlbjNQAAAAAAAc%3D
unknown
whitelisted
5364
rsEngineSvc.exe
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRBq81UG1MnDOVNKqff0SSEz6JuZwQU6IPEM9fcnwycdpoKptTfh6ZeWO4CEzMAATXj8%2BWM%2BdRgn3UAAAABNeM%3D
unknown
whitelisted
5800
svchost.exe
HEAD
200
2.22.242.227:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1721432054&P2=404&P3=2&P4=kMw4cIjzZF25p5cGuEKI%2frkQkTImjUiikyC2%2bWhZUC8Auvh9uFmlg%2fNj8vJG3dv%2bCzBkNCO5J4L0tEfPDtoDnQ%3d%3d
unknown
whitelisted
5800
svchost.exe
GET
206
2.22.242.227:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1721432054&P2=404&P3=2&P4=kMw4cIjzZF25p5cGuEKI%2frkQkTImjUiikyC2%2bWhZUC8Auvh9uFmlg%2fNj8vJG3dv%2bCzBkNCO5J4L0tEfPDtoDnQ%3d%3d
unknown
whitelisted
5800
svchost.exe
GET
206
2.22.242.227:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1721432054&P2=404&P3=2&P4=kMw4cIjzZF25p5cGuEKI%2frkQkTImjUiikyC2%2bWhZUC8Auvh9uFmlg%2fNj8vJG3dv%2bCzBkNCO5J4L0tEfPDtoDnQ%3d%3d
unknown
whitelisted
7552
rsEDRSvc.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4336
backgroundTaskHost.exe
20.199.58.43:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
unknown
4032
svchost.exe
239.255.255.250:1900
whitelisted
7856
svchost.exe
4.209.32.67:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
4716
svchost.exe
40.126.32.72:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
4
System
192.168.100.255:138
whitelisted
4336
backgroundTaskHost.exe
20.103.156.88:443
fd.api.iris.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
2760
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6500
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4716
svchost.exe
20.190.160.17:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
arc.msn.com
  • 20.199.58.43
whitelisted
login.live.com
  • 40.126.32.72
  • 20.190.160.17
  • 40.126.32.68
  • 40.126.32.138
  • 20.190.160.22
  • 40.126.32.134
  • 40.126.32.133
  • 40.126.32.74
whitelisted
google.com
  • 142.250.186.46
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
dns.msftncsi.com
  • 131.107.255.255
whitelisted
d1e9165hyidvf5.cloudfront.net
  • 18.244.20.119
  • 18.244.20.193
  • 18.244.20.154
  • 18.244.20.27
whitelisted
cdn.download.it
  • 104.22.57.224
  • 172.67.26.92
  • 104.22.56.224
whitelisted

Threats

PID
Process
Class
Message
5752
nokia-pc-suite_hisW-D1.tmp
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
5752
nokia-pc-suite_hisW-D1.tmp
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
No debug info