URL:

adblock360.com

Full analysis: https://app.any.run/tasks/fdbcebe1-ca39-4300-ae8f-8c7ad640f8b6
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: December 19, 2025, 15:59:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
generic
loader
Indicators:
MD5:

19F9248DBB1951160814E5B8EB4BC528

SHA1:

F920436D74F301A024FC09CC442174DDDD1AC8E2

SHA256:

64EB1DB0FF4A57E8F217E50F2EED850A09F51EC4F9132131D851CFBEBC718D27

SSDEEP:

3:oHJK6yT:opKP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • GENERIC has been found (auto)

      • msedge.exe (PID: 7920)
      • msedge.exe (PID: 7592)

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 8936)

    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 2144)

  • SUSPICIOUS

    • Reads the date of Windows installation

      • AdBlock360Setup.exe (PID: 8632)

    • Reads security settings of Internet Explorer

      • AdBlock360Setup.exe (PID: 8632)
      • AdBlock360Setup.exe (PID: 8716)
      • msiexec.exe (PID: 9044)
      • AdBlock360Svc.exe (PID: 8524)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • MicrosoftEdgeUpdate.exe (PID: 3400)
      • msedgewebview2.exe (PID: 5356)
      • AdBlock360.exe (PID: 8236)

    • Application launched itself

      • AdBlock360Setup.exe (PID: 8632)
      • msiexec.exe (PID: 8984)
      • setup.exe (PID: 8372)
      • MicrosoftEdgeUpdate.exe (PID: 3400)
      • msedgewebview2.exe (PID: 5356)

    • Executes as Windows Service

      • VSSVC.exe (PID: 8304)
      • AdBlock360Svc.exe (PID: 8524)

    • Executable content was dropped or overwritten

      • rundll32.exe (PID: 5336)
      • rundll32.exe (PID: 8236)
      • rundll32.exe (PID: 6176)
      • rundll32.exe (PID: 2600)
      • rundll32.exe (PID: 8276)
      • rundll32.exe (PID: 2668)
      • rundll32.exe (PID: 7732)
      • rundll32.exe (PID: 9032)
      • rundll32.exe (PID: 8420)
      • rundll32.exe (PID: 2096)
      • rundll32.exe (PID: 7732)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1868)
      • AdBlock360.exe (PID: 8236)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 9100)
      • setup.exe (PID: 8372)

    • Uses RUNDLL32.EXE to load library

      • msiexec.exe (PID: 8240)
      • msiexec.exe (PID: 7512)

    • Searches for installed software

      • rundll32.exe (PID: 8276)
      • rundll32.exe (PID: 6176)
      • setup.exe (PID: 8372)

    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 8984)

    • The process executes via Task Scheduler

      • AdBlock360Updater.exe (PID: 7208)
      • AdBlock360Updater.exe (PID: 4508)

    • There is functionality for taking screenshot (YARA)

      • msiexec.exe (PID: 9044)

    • Process drops legitimate windows executable

      • AdBlock360.exe (PID: 8236)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1868)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • setup.exe (PID: 8372)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 9100)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 1868)
      • MicrosoftEdgeUpdate.exe (PID: 8936)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8936)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4968)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3004)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6208)
      • MicrosoftEdgeUpdate.exe (PID: 8960)

  • INFO

    • The sample compiled with english language support

      • msedge.exe (PID: 7920)
      • msedge.exe (PID: 7592)
      • msiexec.exe (PID: 8984)
      • AdBlock360.exe (PID: 8236)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1868)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 9100)
      • setup.exe (PID: 8372)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7920)
      • msedge.exe (PID: 7592)
      • msiexec.exe (PID: 8804)
      • msiexec.exe (PID: 9044)
      • msiexec.exe (PID: 8984)

    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7592)

    • Checks supported languages

      • identity_helper.exe (PID: 2844)
      • AdBlock360Setup.exe (PID: 8632)
      • AdBlock360Setup.exe (PID: 8716)
      • msiexec.exe (PID: 8984)
      • msiexec.exe (PID: 9044)
      • msiexec.exe (PID: 7512)
      • AdBlock360Svc.exe (PID: 4508)
      • msiexec.exe (PID: 8240)
      • AdBlock360Svc.exe (PID: 2708)
      • AdBlock360Updater.exe (PID: 7208)
      • AdBlock360Svc.exe (PID: 8524)
      • AdBlock360Updater.exe (PID: 4508)
      • AdBlock360.exe (PID: 8236)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1868)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • MicrosoftEdgeUpdate.exe (PID: 8960)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4968)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3004)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6208)
      • MicrosoftEdgeUpdate.exe (PID: 5704)
      • MicrosoftEdgeUpdate.exe (PID: 7108)
      • MicrosoftEdgeUpdate.exe (PID: 3400)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 9100)
      • setup.exe (PID: 2844)
      • MicrosoftEdgeUpdate.exe (PID: 4344)
      • msedgewebview2.exe (PID: 5356)
      • setup.exe (PID: 8372)
      • msedgewebview2.exe (PID: 7832)
      • msedgewebview2.exe (PID: 2144)
      • msedgewebview2.exe (PID: 6188)
      • msedgewebview2.exe (PID: 8764)
      • msedgewebview2.exe (PID: 8836)

    • Application launched itself

      • msedge.exe (PID: 7592)

    • Reads the computer name

      • AdBlock360Setup.exe (PID: 8632)
      • identity_helper.exe (PID: 2844)
      • AdBlock360Setup.exe (PID: 8716)
      • msiexec.exe (PID: 8984)
      • msiexec.exe (PID: 9044)
      • msiexec.exe (PID: 8240)
      • msiexec.exe (PID: 7512)
      • AdBlock360Svc.exe (PID: 4508)
      • AdBlock360Svc.exe (PID: 2708)
      • AdBlock360Svc.exe (PID: 8524)
      • AdBlock360Updater.exe (PID: 7208)
      • AdBlock360.exe (PID: 8236)
      • AdBlock360Updater.exe (PID: 4508)
      • MicrosoftEdgeUpdate.exe (PID: 8960)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4968)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3004)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6208)
      • MicrosoftEdgeUpdate.exe (PID: 5704)
      • MicrosoftEdgeUpdate.exe (PID: 7108)
      • MicrosoftEdgeUpdate.exe (PID: 3400)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 9100)
      • MicrosoftEdgeUpdate.exe (PID: 4344)
      • setup.exe (PID: 8372)
      • msedgewebview2.exe (PID: 5356)
      • msedgewebview2.exe (PID: 2144)
      • msedgewebview2.exe (PID: 6188)

    • Reads Environment values

      • identity_helper.exe (PID: 2844)
      • AdBlock360.exe (PID: 8236)
      • MicrosoftEdgeUpdate.exe (PID: 5704)
      • MicrosoftEdgeUpdate.exe (PID: 4344)
      • msedgewebview2.exe (PID: 5356)

    • Process checks computer location settings

      • AdBlock360Setup.exe (PID: 8632)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • setup.exe (PID: 8372)
      • msedgewebview2.exe (PID: 5356)
      • msedgewebview2.exe (PID: 8836)

    • Create files in a temporary directory

      • AdBlock360Setup.exe (PID: 8716)
      • msiexec.exe (PID: 8804)
      • msiexec.exe (PID: 9044)
      • AdBlock360.exe (PID: 8236)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1868)
      • msedgewebview2.exe (PID: 5356)

    • Creates files or folders in the user directory

      • AdBlock360Setup.exe (PID: 8716)
      • MicrosoftEdgeUpdate.exe (PID: 8936)
      • MicrosoftEdgeUpdate.exe (PID: 3400)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 9100)
      • setup.exe (PID: 2844)
      • setup.exe (PID: 8372)
      • msedgewebview2.exe (PID: 5356)
      • msedgewebview2.exe (PID: 7832)
      • msedgewebview2.exe (PID: 6188)

    • Reads the machine GUID from the registry

      • AdBlock360Setup.exe (PID: 8716)
      • msiexec.exe (PID: 9044)
      • AdBlock360Svc.exe (PID: 8524)
      • AdBlock360Updater.exe (PID: 7208)
      • AdBlock360Updater.exe (PID: 4508)
      • AdBlock360.exe (PID: 8236)
      • MicrosoftEdgeUpdate.exe (PID: 3400)
      • msedgewebview2.exe (PID: 5356)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 8804)
      • rundll32.exe (PID: 2668)

    • Manages system restore points

      • SrTasks.exe (PID: 8908)

    • Checks proxy server information

      • AdBlock360Setup.exe (PID: 8716)
      • AdBlock360Svc.exe (PID: 8524)
      • MicrosoftEdgeUpdate.exe (PID: 5704)
      • MicrosoftEdgeUpdate.exe (PID: 3400)
      • slui.exe (PID: 8892)
      • MicrosoftEdgeUpdate.exe (PID: 4344)
      • msedgewebview2.exe (PID: 5356)

    • Creates files in the program directory

      • AdBlock360Svc.exe (PID: 4508)
      • AdBlock360Svc.exe (PID: 8524)
      • AdBlock360Updater.exe (PID: 7208)
      • AdBlock360Updater.exe (PID: 4508)
      • AdBlock360.exe (PID: 8236)

    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 8936)

    • Creates a software uninstall entry

      • setup.exe (PID: 8372)

    • Reads CPU info

      • msedgewebview2.exe (PID: 5356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
241
Monitored processes
88
Malicious processes
8
Suspicious processes
2

Behavior graph

Click at the process to see the details
start #GENERIC msedge.exe msedge.exe no specs msedge.exe no specs #GENERIC msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs adblock360setup.exe no specs adblock360setup.exe msiexec.exe msiexec.exe msiexec.exe vssvc.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs rundll32.exe rundll32.exe rundll32.exe rundll32.exe msiexec.exe no specs rundll32.exe rundll32.exe rundll32.exe adblock360svc.exe no specs conhost.exe no specs rundll32.exe adblock360svc.exe no specs conhost.exe no specs adblock360svc.exe rundll32.exe rundll32.exe rundll32.exe adblock360updater.exe conhost.exe no specs adblock360updater.exe conhost.exe no specs slui.exe adblock360.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe msedge.exe no specs microsoftedge_x64_143.0.3650.96.exe setup.exe setup.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgeupdate.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
816"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6036,i,6942948341702135757,3943406635046374127,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1296"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=1364,i,6942948341702135757,3943406635046374127,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1752"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4272,i,6942948341702135757,3943406635046374127,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1868C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
AdBlock360.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.213.7
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
2096rundll32.exe "C:\WINDOWS\Installer\MSI7CCD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1080734 100 WixSharp!WixSharp.ManagedProjectActions.CancelRequestHandlerC:\Windows\System32\rundll32.exe
msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
2144"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Roaming\AdBlock360.exe\EBWebView" --webview-exe-name=AdBlock360.exe --webview-exe-version=4.0.1.0110 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-pre-read-main-dll --force-high-res-timeticks=disabled --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=1740,i,4201752784286951695,347236347740082996,262144 --field-trial-handle=1916,i,7442266268076956289,2456603814804706624,262144 --disable-features=msSmartScreenProtection --variations-seed-version --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1912 /prefetch:2C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
143.0.3650.96
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
2212"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=3992,i,6942948341702135757,3943406635046374127,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2432"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6284,i,6942948341702135757,3943406635046374127,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2600rundll32.exe "C:\WINDOWS\Installer\MSI5EEC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1072984 11 Adblock360Wix!Adblock360Wix.CustomActions.SetOriginalUserInfoC:\Windows\System32\rundll32.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
2668rundll32.exe "C:\WINDOWS\Installer\MSI64AA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1074421 30 Adblock360Wix!Adblock360Wix.CustomActions.ShutdownAppC:\Windows\System32\rundll32.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
Total events
36 100
Read events
34 170
Write events
1 854
Delete events
76

Modification events

(PID) Process:(8716) AdBlock360Setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(8716) AdBlock360Setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(8716) AdBlock360Setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(8984) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
Operation:writeName:C:\Users\admin\AppData\Local\Temp\MSI6897
Value:
2
(PID) Process:(8984) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
480000000000000063C4E8780071DC01182300008C200000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(8984) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
4800000000000000523AFF780071DC01182300008C200000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(8984) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4800000000000000820F9C780071DC01182300008C200000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(8984) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
4800000000000000B25D9C780071DC01182300008C200000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(8984) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
4800000000000000CF34E8780071DC01182300008C200000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(8984) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
4800000000000000CF34E8780071DC01182300008C200000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
310
Suspicious files
241
Text files
433
Unknown types
0

Dropped files

PID
Process
Filename
Type
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFfddb4.TMP
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFfddb4.TMP
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFfddc4.TMP
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFfddd4.TMP
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFfddd4.TMP
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
7592msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
273
TCP/UDP connections
152
DNS requests
138
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7920
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=65&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0
US
text
768 b
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/_astro/ClientRouter.astro_astro_type_script_index_0_lang.CpWSLont.js
US
text
1.63 Kb
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/assets/fonts/Manrope/300.woff2
US
binary
30.3 Kb
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/assets/fonts/Inter/500.woff2
US
binary
35.2 Kb
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/
US
html
89.6 Kb
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/assets/fonts/Manrope/600.woff2
US
binary
13.8 Kb
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/assets/fonts/Inter/400.woff2
US
binary
34.5 Kb
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/_astro/page.sN3tJsal.js
US
text
40 b
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/_astro/Layout.astro_astro_type_script_index_0_lang.C4lte6XR.js
US
text
123 b
unknown
7920
msedge.exe
GET
200
18.245.46.34:443
https://adblock360.com/_astro/windows-image.BCw04UuO_1S4hKK.webp
US
image
19.5 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1600
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
6768
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3516
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7920
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7920
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7920
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7920
msedge.exe
18.245.46.34:80
adblock360.com
AMAZON-02
US
whitelisted
7920
msedge.exe
104.18.22.222:443
copilot.microsoft.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 142.250.74.206
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
adblock360.com
  • 18.245.46.34
  • 18.245.46.100
  • 18.245.46.95
  • 18.245.46.75
unknown
copilot.microsoft.com
  • 104.18.22.222
  • 104.18.23.222
whitelisted
www.bing.com
  • 2.16.204.144
  • 2.16.204.138
  • 2.16.204.146
  • 2.16.204.143
  • 2.16.204.136
  • 2.16.204.137
  • 2.16.204.139
  • 2.16.204.140
  • 2.16.204.147
  • 2.16.204.135
  • 2.16.204.160
  • 2.16.204.161
  • 2.16.204.134
  • 2.16.204.141
  • 2.16.204.151
  • 2.16.204.152
  • 2.16.204.149
  • 2.16.204.153
whitelisted
cdn-4.convertexperiments.com
  • 104.82.101.18
whitelisted
load.hasj23h.adblock360.com
  • 104.17.94.19
  • 104.17.95.19
unknown
trc.adblock360.com
  • 13.226.244.38
  • 13.226.244.59
  • 13.226.244.82
  • 13.226.244.77
unknown

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO PE EXE or DLL Windows file download HTTP
Potentially Bad Traffic
ET INFO Executable served from Amazon S3
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Misc activity
ET INFO Observed UA-CPU Header
8252
svchost.exe
Misc activity
ET INFO Packed Executable Download
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming directory exists )
AdBlock360.exe
Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
adblock360.com