download:

/file/d/1X-3QO2fwOCz4SZV0e-M-uyGShC3zKomq/view

Full analysis: https://app.any.run/tasks/78de550a-6752-4416-850d-4888f414d684
Verdict: Malicious activity
Analysis date: February 26, 2026, 15:43:28
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: smb, delphi
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines (49723)
MD5: EC901623AAE5A3B624CAA5B8FD7C7CAB
SHA1: 5F9BDD40010780E7EECB67F6A95EB7706B7B921E
SHA256: 4F70D70A6D5839EA0E9837676228C8C28D4A22F7CA46708A6851E0B1DAA462FC
SSDEEP: 1536:T36i1scAUhaqYTU2Uex6T/Rp6T/RAWrh2:SkWrA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • AcrobatPro.exe (PID: 4788)
  • SUSPICIOUS

    • Drops 7-zip archiver for unpacking

      • AcrobatPro.exe (PID: 4788)
    • Executable content was dropped or overwritten

      • AcrobatPro.exe (PID: 4788)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • dllhost.exe (PID: 2620)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 5012)
    • Application launched itself

      • msedge.exe (PID: 3516)
    • Reads the computer name

      • identity_helper.exe (PID: 5012)
      • AcrobatPro.exe (PID: 4788)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
    • Drops script file

      • msedge.exe (PID: 4664)
    • Checks supported languages

      • identity_helper.exe (PID: 5012)
      • AcrobatPro.exe (PID: 4788)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7256)
    • The sample compiled with russian language support

      • WinRAR.exe (PID: 7256)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • dllhost.exe (PID: 2620)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
    • Manual execution by a user

      • notepad.exe (PID: 7856)
      • AcrobatPro.exe (PID: 4788)
      • msiexec.exe (PID: 2092)
      • amtemu.v0.9.1-painter.exe (PID: 3212)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • notepad.exe (PID: 5900)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
      • amtemu.v0.9.1-painter.exe (PID: 6952)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 7856)
      • notepad.exe (PID: 5900)
      • dllhost.exe (PID: 2620)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
    • Create files in a temporary directory

      • AcrobatPro.exe (PID: 4788)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
    • The sample compiled with english language support

      • AcrobatPro.exe (PID: 4788)
    • There is functionality for taking screenshot (YARA)

      • AcrobatPro.exe (PID: 4788)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
    • Compiled with Borland Delphi (YARA)

      • notepad.exe (PID: 7856)
      • AcrobatPro.exe (PID: 4788)
      • amtemu.v0.9.1-painter.exe (PID: 6936)
      • amtemu.v0.9.1-painter.exe (PID: 9072)
    • Checks proxy server information

      • slui.exe (PID: 8780)
    • Creates files in the program directory

      • dllhost.exe (PID: 2620)
No Malware configuration.

TRiD: .html | HyperText Markup Language (100)
No data.
All screenshots are available in the full report
Total processes: 212
Monitored processes: 54
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start iexplore.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs notepad.exe no specs acrobatpro.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe no specs amtemu.v0.9.1-painter.exe no specs amtemu.v0.9.1-painter.exe notepad.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs Copy/Move/Rename/Delete/Link Object amtemu.v0.9.1-painter.exe no specs amtemu.v0.9.1-painter.exe msedge.exe no specs msedge.exe no specs

Process information

Each entry lists the PID, command line, image path and parent process, then the process details and the first loaded modules.
PID: 864
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5992,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1232
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8088,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=7368 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1324
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7468,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 3221226029
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 1424
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7500,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: (not recorded)
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1948
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4644,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2092
CMD: "C:\WINDOWS\System32\msiexec.exe" /p "C:\Users\admin\Downloads\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]\AcrobatUpd11020.msp"
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 1642 (ERROR_PATCH_TARGET_NOT_FOUND: Windows Installer found no installed product that the .msp applies to, so the patch was not applied)
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2352
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=1460,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=7732 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2360
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8168,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=7436 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2368
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5744,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2424
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5708,i,5854264104219867924,13309961952741395934,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
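The process list above, together with the report's indicators, shows the launch chain an endpoint analyst would want to catch: binaries run by hand (parent explorer.exe) out of a Downloads folder named "... + Crack", an "amtemu" licensing emulator, and msiexec.exe applying an .msp patch straight from that folder and failing with exit code 1642. The Python below is an added example, not code from the ANY.RUN report: it encodes those observations as a few triage rules and runs them over process-creation records constructed to mirror the report's rows. The command line, parent and exit code for PID 2092 and the renderer row for PID 864 are taken from the report; the on-disk paths of AcrobatPro.exe and amtemu.v0.9.1-painter.exe (PIDs 4788 and 6936) are not in the report and are assumed to be the extracted archive folder.

```python
"""Triage a sandbox or Sysmon process list for the launch pattern this report
shows. Added example, not part of the ANY.RUN report. Events are constructed
to mirror the report's "Process information" rows; paths for PIDs 4788 and
6936 are assumptions (the report names the files but not their location)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon event ID 1 / sandbox row shape)."""
    pid: int
    parent_image: str          # parent image name as the report lists it
    image: str                 # full path of the started executable
    cmdline: str
    exit_code: Optional[int] = None


# Tokens that usually travel with pirated software; "amtemu" is the Adobe
# licensing emulator the report shows being run twice.
CRACK_TOKENS = re.compile(r"crack|keygen|amtemu|activator", re.I)
# User-writable locations a legitimate installer would not be run from.
USER_DIR = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\", re.I)
# msiexec patch switches: "/p <file.msp>" or "/update <file.msp>", quoted or not.
MSP_SWITCH = re.compile(r'(?:^|\s)/(?:p|update)\s+"?([^"]+?\.msp)"?', re.I)
# Windows Installer exit code: no installed product matches the patch.
ERROR_PATCH_TARGET_NOT_FOUND = 1642


def flag_event(ev: ProcEvent) -> List[str]:
    """Return the names of every rule that fires on a single event."""
    hits: List[str] = []
    in_user_dir = bool(USER_DIR.match(ev.image))
    if in_user_dir and CRACK_TOKENS.search(ev.image):
        hits.append("crack_tool_in_user_dir")
    if in_user_dir and ev.parent_image.lower() == "explorer.exe":
        # Mirrors the report's "Manual execution by a user" indicator.
        hits.append("user_launched_from_user_dir")
    if ev.image.lower().endswith("\\msiexec.exe"):
        m = MSP_SWITCH.search(ev.cmdline)
        if m and USER_DIR.match(m.group(1)):
            hits.append("msi_patch_from_user_dir")
        if ev.exit_code == ERROR_PATCH_TARGET_NOT_FOUND:
            hits.append("msi_patch_target_not_found")
    return hits


def triage(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map PID -> fired rules, leaving out processes with no findings."""
    return {ev.pid: hits for ev in events if (hits := flag_event(ev))}


# Constructed sample, modelled on the report's rows.
ARCHIVE_DIR = r"C:\Users\admin\Downloads\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]"
EVENTS = [
    # PID 2092: command line, parent and exit code 1642 as reported.
    ProcEvent(2092, "explorer.exe", r"C:\WINDOWS\System32\msiexec.exe",
              r'"C:\WINDOWS\System32\msiexec.exe" /p "C:\Users\admin\Downloads\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME]\AcrobatUpd11020.msp"',
              exit_code=1642),
    # PID 864: an Edge renderer as reported; must produce no findings.
    ProcEvent(864, "msedge.exe", r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
              r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US',
              exit_code=0),
    # PIDs 4788 and 6936 as reported; their paths are ASSUMED (see docstring).
    ProcEvent(4788, "explorer.exe", ARCHIVE_DIR + r"\AcrobatPro.exe",
              '"' + ARCHIVE_DIR + r'\AcrobatPro.exe"'),
    ProcEvent(6936, "explorer.exe", ARCHIVE_DIR + r"\amtemu.v0.9.1-painter.exe",
              '"' + ARCHIVE_DIR + r'\amtemu.v0.9.1-painter.exe"'),
]

if __name__ == "__main__":
    for pid, rules in sorted(triage(EVENTS).items()):
        print(pid, ", ".join(rules))
```

The rules are deliberately per-event and stateless so they can be dropped into whatever pipeline already parses process-creation telemetry; the msiexec rule reads the .msp path out of the command line rather than trusting the image path, because msiexec itself always lives in System32.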
Total events: 10 951
Read events: 10 747
Write events: 181
Delete events: 23

Modification events

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory, Operation: write, Name: 3
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory, Operation: write, Name: 2
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory, Operation: write, Name: 1
Value: C:\Users\admin\Downloads\chromium_build 1.zip

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory, Operation: write, Name: 0
Value: C:\Users\admin\Downloads\Adobe Acrobat XI Pro 11.0.20 + Crack [Tech-Tools.ME].rar

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths, Operation: write, Name: name
Value: 120

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths, Operation: write, Name: size
Value: 80

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths, Operation: write, Name: type
Value: 120

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths, Operation: write, Name: mtime
Value: 100

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath, Operation: delete value, Name: 15
Value: (empty)

(PID) Process: (7256) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath, Operation: delete value, Name: 14
Value: (empty)
Executable files: 10
Suspicious files: 61
Text files: 307
Unknown types: 52

Dropped files

PID: 3516, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG.old
MD5: 66B6E4A659E9C4EC86996B15B03C1B72
SHA256: D0E0C6DB51B94FE5424DDBE62FEE2CA12616FED7F9FAE9ED4CCF121EF74DE3A3

PID: 3516, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG.old~RF1e93f1.TMP
MD5: 420DC4935947C93E84887B4A2365441A
SHA256: D013CF4212CFF86F9AF45C51CDB8B9EFA5A494005420E100AEC8F9E9B9A290E4

PID: 3516, Process: msedge.exe, Type: binary
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF1e7d4c.TMP
MD5: 53584C64B10D57E9AC5E7805B45A2CD3
SHA256: 13E74959A86FD382CB7D5B31E063240F3F34F49DEDF2B153DB357304CFE36CF8

PID: 3516, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
MD5: 85B5BB3EF96C551393D1DE583E82F30C
SHA256: 1B294ACBE3947DE02599C7AB96EE99871957423376B82654D7063A95FF2BB306

PID: 6284, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\0c7969cc-f0d1-4974-b11d-6c4017f8d264.tmp
MD5: 20D4B8FA017A12A108C87F540836E250
SHA256: 6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D

PID: 6284, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
MD5: 20D4B8FA017A12A108C87F540836E250
SHA256: 6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D

PID: 3516, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF1e7d5b.TMP
MD5: 46CC90B2E30B5A018F90E288FA305B79
SHA256: 10A48AF98C305AA9EDBAA06D3CD16A14E5CCD5DDC11E45693D9596743ABAF205

PID: 3516, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
MD5: 60B022E370530706D5EEF7F65B77469D
SHA256: A4389455D98164F482A33C337BEF859D49A2EA5C1B6234A8C24CE9C917D9EBDA

PID: 3516, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
MD5: 3B9B41EBD20B34D1446493481E97F380
SHA256: 4C922BB738304A5731851F474E245B002F273ECD1F0DE71B29CE80775AEA7B74

PID: 3516, Process: msedge.exe, Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\9b4af617-d814-47b0-9a3a-06e368cba8e6.tmp
MD5: 44C46C0640048BDE343262485595D03F
SHA256: B781EEEC8B2D33F70F0FA83107C2266353249BBCBE94E9FBC96FB14B44E47643
HTTP(S) requests: 199
TCP/UDP connections: 98
DNS requests: 118
Threats: 2

HTTP requests

PID Process | Method HTTP code | IP | URL | CN | Type, Size | Reputation

6284 msedge.exe | OPTIONS 200 | 172.217.171.42:443 | https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData | unknown | whitelisted
6284 msedge.exe | GET 200 | 216.58.215.142:443 | https://drive.google.com/auth_warmup | unknown | whitelisted
6284 msedge.exe | GET 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:Jm8OR2lNvCz_2j4340XooR78n5ZYtk67DaWkxTufRiA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | whitelisted
356 svchost.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
8124 svchost.exe | GET 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6284 msedge.exe | OPTIONS 200 | 142.251.140.238:443 | https://play.google.com/log?format=json&hasfast=true | unknown | whitelisted
8124 svchost.exe | GET 200 | 23.59.18.102:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6284 msedge.exe | GET 200 | 150.171.22.17:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1772120619&lafgdate=0 | unknown | text, 4.47 Kb | whitelisted
6284 msedge.exe | GET 200 | 150.171.27.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary, 446 b | whitelisted
6284 msedge.exe | GET 200 | 142.250.74.74:443 | https://fonts.googleapis.com/css2?family=Google+Material+Icons:wght@400;500;700 | unknown | text, 630 b | whitelisted

Connections

PID Process | IP:port | Domain | ASN | CN | Reputation

4256 RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 System | 192.168.100.255:137 | Not routed | whitelisted
6768 MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
8124 svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
(PID and process not listed) | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 System | 192.168.100.255:138 | Not routed | whitelisted
6284 msedge.exe | 150.171.22.17:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6284 msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6284 msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6284 msedge.exe | 172.217.17.3:443 | www.gstatic.com | GOOGLE | US | whitelisted

The two System (PID 4) entries are broadcasts to the local subnet on ports 137 and 138 (NetBIOS name service and datagram service). They are the only System-process connections listed, so the "Possible SMB Connection Attempt" row under Threats, which is also attributed to PID 4, most likely refers to this ordinary Windows name-resolution traffic rather than to anything the sample did.

DNS requests

Domain | IP(s) | Reputation

settings-win.data.microsoft.com | 40.127.240.158, 51.124.78.146, 20.73.194.208 | whitelisted
google.com | 172.217.20.238 | whitelisted
client.wns.windows.com | 172.211.123.248 | whitelisted
edge.microsoft.com | 150.171.27.11, 150.171.28.11 | whitelisted
config.edge.skype.com | 150.171.22.17 | whitelisted
api.edgeoffer.microsoft.com | 13.107.246.44, 13.107.213.44 | whitelisted
copilot.microsoft.com | 104.18.22.222, 104.18.23.222 | whitelisted
www.gstatic.com | 172.217.17.3 | whitelisted
fonts.googleapis.com | 142.250.74.74 | whitelisted
fonts.gstatic.com | 172.217.20.227 | whitelisted

Threats

PID Process | Class | Message

4 System | Not Suspicious Traffic | INFO [ANY.RUN] Possible SMB Connection Attempt
8124 svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info