URL:

youtube.com

Full analysis: https://app.any.run/tasks/8aef0ed4-e341-495c-9df2-99a3b7eece73
Verdict: Malicious activity
Threats:

INC Ransomware is a ransomware-as-a-service (RaaS) spotted in mid-2023. It targets industries like retail, real estate, finance, healthcare, and education, primarily in the U.S. and UK. It encrypts and exfiltrates data demanding a ransom. It employs advanced evasion techniques, destroys backup, and abuses legitimate system tools at all the stages of the kill chain.

Malware Trends Tracker     >>>
Analysis date: March 24, 2025, 10:58:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
autorun-download
inc
ransomware
rhadamanthys
stealer
shellcode
Indicators:
MD5:

14DD5266C70789BDC806364DF4586335

SHA1:

D7E222C8D7BA68D8030080BD470AE2B2F2CBC06D

SHA256:

4DC3A769398CC02559FD9F4D955613E86E7C8A02818F430FD61960152E7B8072

SSDEEP:

3:7QRnGTn:QGT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • INC has been detected

      • WinRAR.exe (PID: 7020)

    • Executing a file with an untrusted certificate

      • NеwInst[Х64-86].exe (PID: 668)

    • RHADAMANTHYS mutex has been found

      • AppLaunch.exe (PID: 8408)
      • svchost.exe (PID: 5084)

    • Actions looks like stealing of personal data

      • chrome.exe (PID: 9096)
      • msedge.exe (PID: 9316)

    • RHADAMANTHYS has been detected (YARA)

      • svchost.exe (PID: 3124)

    • Steals credentials from Web Browsers

      • msedge.exe (PID: 9316)

    • Loads dropped or rewritten executable

      • MusNotifyIcon.exe (PID: 9196)
      • chrome.exe (PID: 8600)
      • chrome.exe (PID: 8900)
      • msedge.exe (PID: 728)
      • ShellExperienceHost.exe (PID: 2896)
      • svchost.exe (PID: 3124)
      • backgroundTaskHost.exe (PID: 8076)
      • chrome.exe (PID: 1328)
      • BackgroundTransferHost.exe (PID: 8460)
      • backgroundTaskHost.exe (PID: 6980)
      • backgroundTaskHost.exe (PID: 8548)
      • backgroundTaskHost.exe (PID: 8124)
      • msedge.exe (PID: 10040)
      • msedge.exe (PID: 6752)
      • BackgroundTransferHost.exe (PID: 8476)
      • backgroundTaskHost.exe (PID: 8948)
      • msedge.exe (PID: 9976)
      • BackgroundTransferHost.exe (PID: 6184)
      • slui.exe (PID: 5308)
      • wmlaunch.exe (PID: 2576)
      • msedge.exe (PID: 2560)
      • RuntimeBroker.exe (PID: 4112)
      • backgroundTaskHost.exe (PID: 8636)
      • msedge.exe (PID: 10072)
      • chrome.exe (PID: 6404)
      • msedge.exe (PID: 9712)
      • chrome.exe (PID: 9096)
      • chrome.exe (PID: 8992)
      • msedge.exe (PID: 9416)
      • msedge.exe (PID: 9720)
      • msedge.exe (PID: 4880)
      • chrome.exe (PID: 4152)
      • conhost.exe (PID: 716)
      • RuntimeBroker.exe (PID: 8396)
      • backgroundTaskHost.exe (PID: 8952)
      • msedge.exe (PID: 7348)
      • msedge.exe (PID: 9300)
      • msedge.exe (PID: 10212)
      • msedge.exe (PID: 10012)
      • BackgroundTransferHost.exe (PID: 9024)
      • msedge.exe (PID: 8720)
      • msedge.exe (PID: 9316)
      • BackgroundTransferHost.exe (PID: 5544)
      • msedge.exe (PID: 4024)
      • chrome.exe (PID: 7260)
      • msedge.exe (PID: 8656)
      • chrome.exe (PID: 6456)
      • WerFault.exe (PID: 8784)
      • backgroundTaskHost.exe (PID: 5436)
      • backgroundTaskHost.exe (PID: 900)
      • rundll32.exe (PID: 8468)
      • msedge.exe (PID: 9732)

    • RHADAMANTHYS has been detected (SURICATA)

      • svchost.exe (PID: 3124)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 7020)
      • WinRAR.exe (PID: 9552)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 1616)
      • ShellExperienceHost.exe (PID: 2896)
      • msedge.exe (PID: 9316)

    • Application launched itself

      • WinRAR.exe (PID: 1616)
      • msedge.exe (PID: 9316)
      • chrome.exe (PID: 9096)

    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 7020)

    • Executes application which crashes

      • AppLaunch.exe (PID: 8408)
      • loader.exe (PID: 6532)

    • Connects to unusual port

      • svchost.exe (PID: 5084)
      • svchost.exe (PID: 3124)

    • The process checks if it is being run in the virtual environment

      • svchost.exe (PID: 5084)

    • Multiple wallet extension IDs have been found

      • svchost.exe (PID: 3124)

    • Reads Mozilla Firefox installation path

      • msedge.exe (PID: 9316)

    • Loads DLL from Mozilla Firefox

      • svchost.exe (PID: 3124)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 7348)

    • Reads security settings of Internet Explorer

      • backgroundTaskHost.exe (PID: 8076)
      • backgroundTaskHost.exe (PID: 8952)
      • backgroundTaskHost.exe (PID: 8548)
      • BackgroundTransferHost.exe (PID: 6184)
      • BackgroundTransferHost.exe (PID: 8460)
      • BackgroundTransferHost.exe (PID: 8476)
      • backgroundTaskHost.exe (PID: 8636)
      • backgroundTaskHost.exe (PID: 900)
      • backgroundTaskHost.exe (PID: 8948)
      • BackgroundTransferHost.exe (PID: 9024)
      • BackgroundTransferHost.exe (PID: 5544)

    • Reads the time zone

      • MusNotifyIcon.exe (PID: 9196)

    • Creates files in the program directory

      • MusNotifyIcon.exe (PID: 9196)

    • Checks proxy server information

      • backgroundTaskHost.exe (PID: 8548)
      • BackgroundTransferHost.exe (PID: 8460)
      • chrome.exe (PID: 9096)
      • msedge.exe (PID: 9316)

    • Creates files or folders in the user directory

      • backgroundTaskHost.exe (PID: 8548)
      • BackgroundTransferHost.exe (PID: 8460)
      • backgroundTaskHost.exe (PID: 900)
      • backgroundTaskHost.exe (PID: 6980)
      • WerFault.exe (PID: 8784)

    • Reads the software policy settings

      • backgroundTaskHost.exe (PID: 8548)
      • BackgroundTransferHost.exe (PID: 8460)
      • slui.exe (PID: 8704)
      • slui.exe (PID: 5308)

    • Autorun file from Downloads

      • msedge.exe (PID: 8944)
      • msedge.exe (PID: 8548)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 7348)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7020)
      • msedge.exe (PID: 5680)
      • WinRAR.exe (PID: 9552)

    • The sample compiled with english language support

      • msedge.exe (PID: 5680)
      • WinRAR.exe (PID: 7020)
      • WinRAR.exe (PID: 9552)

    • Checks supported languages

      • ShellExperienceHost.exe (PID: 2896)
      • NеwInst[Х64-86].exe (PID: 668)
      • AppLaunch.exe (PID: 8408)
      • identity_helper.exe (PID: 8380)
      • chrome.exe (PID: 9096)
      • msedge.exe (PID: 9316)
      • wmlaunch.exe (PID: 2576)
      • loader.exe (PID: 6532)

    • Reads the computer name

      • ShellExperienceHost.exe (PID: 2896)
      • NеwInst[Х64-86].exe (PID: 668)
      • chrome.exe (PID: 9096)
      • identity_helper.exe (PID: 8380)
      • msedge.exe (PID: 9316)

    • Reads the machine GUID from the registry

      • NеwInst[Х64-86].exe (PID: 668)
      • chrome.exe (PID: 9096)
      • msedge.exe (PID: 9316)

    • Manual execution by a user

      • AppLaunch.exe (PID: 8408)
      • svchost.exe (PID: 5084)
      • svchost.exe (PID: 3124)

    • Reads Environment values

      • chrome.exe (PID: 9096)
      • identity_helper.exe (PID: 8380)
      • msedge.exe (PID: 9316)

    • Create files in a temporary directory

      • chrome.exe (PID: 9096)
      • msedge.exe (PID: 9316)

    • Process checks computer location settings

      • chrome.exe (PID: 9096)
      • msedge.exe (PID: 9316)

    • Process checks whether UAC notifications are on

      • msedge.exe (PID: 9316)

    • The sample compiled with japanese language support

      • WinRAR.exe (PID: 9552)

    • Loads dropped or rewritten executable

      • WinRAR.exe (PID: 7020)
      • msedge.exe (PID: 8232)
      • msedge.exe (PID: 1912)
      • msedge.exe (PID: 7996)
      • msedge.exe (PID: 8548)
      • msedge.exe (PID: 8196)
      • msedge.exe (PID: 872)
      • msedge.exe (PID: 7380)
      • msedge.exe (PID: 8088)
      • msedge.exe (PID: 1116)
      • msedge.exe (PID: 6244)
      • msedge.exe (PID: 8900)
      • msedge.exe (PID: 664)
      • msedge.exe (PID: 2092)
      • msedge.exe (PID: 8356)
      • msedge.exe (PID: 8472)
      • msedge.exe (PID: 7892)
      • msedge.exe (PID: 7196)
      • msedge.exe (PID: 7840)
      • msedge.exe (PID: 644)
      • WinRAR.exe (PID: 9572)
      • msedge.exe (PID: 3008)
      • msedge.exe (PID: 10004)
      • msedge.exe (PID: 736)
      • msedge.exe (PID: 4016)
      • msedge.exe (PID: 6468)
      • msedge.exe (PID: 9260)
      • msedge.exe (PID: 4724)
      • msedge.exe (PID: 7672)
      • msedge.exe (PID: 8348)
      • msedge.exe (PID: 8032)
      • msedge.exe (PID: 8068)
      • msedge.exe (PID: 9076)
      • msedge.exe (PID: 8704)
      • msedge.exe (PID: 8088)
      • msedge.exe (PID: 7988)
      • msedge.exe (PID: 5328)
      • identity_helper.exe (PID: 8380)
      • msedge.exe (PID: 8944)
      • msedge.exe (PID: 4920)
      • msedge.exe (PID: 8196)
      • WinRAR.exe (PID: 2096)
      • msedge.exe (PID: 1040)
      • msedge.exe (PID: 7936)
      • msedge.exe (PID: 4212)
      • msedge.exe (PID: 8132)
      • msedge.exe (PID: 4452)
      • msedge.exe (PID: 1300)
      • msedge.exe (PID: 7580)
      • msedge.exe (PID: 300)
      • msedge.exe (PID: 8804)
      • msedge.exe (PID: 300)
      • msedge.exe (PID: 3124)
      • msedge.exe (PID: 5680)
      • msedge.exe (PID: 9160)
      • msedge.exe (PID: 6392)
      • msedge.exe (PID: 9380)
      • msedge.exe (PID: 3796)
      • msedge.exe (PID: 2616)
      • msedge.exe (PID: 8676)
      • msedge.exe (PID: 2092)
      • WinRAR.exe (PID: 1616)
      • msedge.exe (PID: 208)
      • msedge.exe (PID: 4776)
      • msedge.exe (PID: 924)
      • msedge.exe (PID: 4436)
      • msedge.exe (PID: 9208)
      • msedge.exe (PID: 2852)
      • WinRAR.exe (PID: 9552)
      • msedge.exe (PID: 8764)
      • msedge.exe (PID: 8376)
      • msedge.exe (PID: 7592)
      • msedge.exe (PID: 8912)
      • msedge.exe (PID: 1244)
      • msedge.exe (PID: 2140)
      • msedge.exe (PID: 9764)
      • msedge.exe (PID: 10112)
      • msedge.exe (PID: 1300)
      • msedge.exe (PID: 9872)
      • msedge.exe (PID: 4428)
      • msedge.exe (PID: 5640)
      • msedge.exe (PID: 2236)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
282
Monitored processes
143
Malicious processes
10
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe no specs msedge.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs winrar.exe no specs msedge.exe no specs winrar.exe msedge.exe shellexperiencehost.exe no specs nеwinst[х64-86].exe no specs #RHADAMANTHYS applaunch.exe #RHADAMANTHYS svchost.exe werfault.exe no specs msedge.exe no specs #RHADAMANTHYS svchost.exe msedge.exe no specs msedge.exe no specs chrome.exe chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe winrar.exe no specs loader.exe wmlaunch.exe no specs conhost.exe no specs backgroundtaskhost.exe no specs runtimebroker.exe no specs backgroundtaskhost.exe no specs backgroundtaskhost.exe no specs backgroundtaskhost.exe no specs backgroundtaskhost.exe no specs runtimebroker.exe no specs backgroundtaskhost.exe backgroundtaskhost.exe no specs backgroundtaskhost.exe no specs backgroundtaskhost.exe no specs musnotifyicon.exe no specs msbuild.exe no specs werfault.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6608 --field-trial-handle=1952,i,10394771304897452025,12939208481148092240,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
300"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=1952,i,10394771304897452025,12939208481148092240,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
300"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6304 --field-trial-handle=1952,i,10394771304897452025,12939208481148092240,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
644"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=6744 --field-trial-handle=1952,i,10394771304897452025,12939208481148092240,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
664"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=8992 --field-trial-handle=1952,i,10394771304897452025,12939208481148092240,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
668"C:\Users\admin\AppData\Local\Temp\Rar$EXb7020.36973\Release\NеwInst[Х64-86].exe" C:\Users\admin\AppData\Local\Temp\Rar$EXb7020.36973\Release\NеwInst[Х64-86].exeWinRAR.exe
User:
admin
Company:
MARG
Integrity Level:
MEDIUM
Description:
Loop Email
Exit code:
4294967295
Version:
7.5.2.16634
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb7020.36973\release\nеwinst[х64-86].exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
716\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeloader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
728"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6396 --field-trial-handle=2408,i,11582309079763131684,16638589200971798605,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
736"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6852 --field-trial-handle=1952,i,10394771304897452025,12939208481148092240,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
872"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5844 --field-trial-handle=1952,i,10394771304897452025,12939208481148092240,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
65 719
Read events
65 052
Write events
622
Delete events
45

Modification events

(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(7348) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
BC1ED7C5AA8F2F00
(PID) Process:(7348) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
3579DFC5AA8F2F00
(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990
Operation:writeName:WindowTabManagerFileMappingId
Value:
{C46E2903-9014-4D34-8D30-A2FFF11D81ED}
(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990
Operation:writeName:WindowTabManagerFileMappingId
Value:
{1690D18D-4B9B-477A-BC92-5863DACF78C1}
(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990
Operation:writeName:WindowTabManagerFileMappingId
Value:
{BA5516DA-A26C-4356-A081-9D3A4BE3DA4B}
(PID) Process:(7348) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990
Operation:writeName:WindowTabManagerFileMappingId
Value:
{35D3AED1-905B-44AF-8D46-50F4D103E15F}
Executable files
329
Suspicious files
1 512
Text files
688
Unknown types
0

Dropped files

PID
Process
Filename
Type
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b9eb.TMP
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b9eb.TMP
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b9fb.TMP
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b9fb.TMP
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b9fb.TMP
MD5:
SHA256:
7348msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
42
TCP/UDP connections
557
DNS requests
718
Threats
29

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
7592
msedge.exe
GET
304
23.209.209.135:80
http://x1.i.lencr.org/
unknown
unknown
7592
msedge.exe
GET
304
2.16.252.233:80
http://r3.i.lencr.org/
unknown
unknown
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
632
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
8548
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
unknown
8460
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
unknown
7660
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1743003060&P2=404&P3=2&P4=h0kh7%2b%2fmYE%2f1YodWzCGa2NPJV4EPbVqmieKprT9i9XOknEc9MTkazw6FbHTq%2f5z7565QN0r%2flg2Yk%2b81vETZ7A%3d%3d
unknown
unknown
632
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
7660
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1743003060&P2=404&P3=2&P4=h0kh7%2b%2fmYE%2f1YodWzCGa2NPJV4EPbVqmieKprT9i9XOknEc9MTkazw6FbHTq%2f5z7565QN0r%2flg2Yk%2b81vETZ7A%3d%3d
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
unknown
5496
MoUsoCoreWorker.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
4
System
192.168.100.255:138
unknown
5496
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
7592
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
7592
msedge.exe
216.58.206.46:443
www.youtube.com
unknown
7348
msedge.exe
239.255.255.250:1900
unknown
7592
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
7592
msedge.exe
142.250.186.67:443
fonts.gstatic.com
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
unknown
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
unknown
crl.microsoft.com
  • 23.48.23.166
  • 23.48.23.164
  • 23.48.23.143
  • 23.48.23.176
unknown
config.edge.skype.com
  • 13.107.42.16
unknown
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
  • 13.107.21.239
  • 204.79.197.239
unknown
youtube.com
  • 142.250.185.142
  • 142.250.186.142
unknown
business.bing.com
  • 13.107.6.158
unknown
edge-mobile-static.azureedge.net
  • 13.107.253.44
unknown
www.youtube.com
  • 216.58.206.46
  • 172.217.18.14
  • 142.250.186.46
  • 216.58.212.142
  • 142.250.181.238
  • 172.217.23.110
  • 142.250.186.174
  • 142.250.186.78
  • 142.250.186.110
  • 142.250.184.206
  • 142.250.186.142
  • 172.217.16.206
  • 216.58.206.78
  • 142.250.184.238
  • 172.217.16.142
  • 216.58.212.174
  • 142.250.185.78
  • 142.250.185.142
  • 142.250.74.206
  • 142.250.185.110
unknown
bzib.nelreports.net
  • 23.48.23.46
  • 23.48.23.51
unknown

Threats

PID
Process
Class
Message
7592
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
7592
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
7592
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
7592
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
7592
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
7592
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
7592
msedge.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
7592
msedge.exe
Potentially Bad Traffic
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
7592
msedge.exe
Potentially Bad Traffic
ET INFO Suspicious Domain (polyfill .io) in DNS Lookup
7592
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
youtube.com