URL:

getintopc.com

Full analysis: https://app.any.run/tasks/895ce2d5-d4c4-47e8-b8e6-d94f6244c3d1
Verdict: Malicious activity
Analysis date: January 15, 2025, 02:50:20
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
opendir
jeefo
fsg
Indicators:
MD5:

E48B3D5452E5DDEE0455AE94A7A19907

SHA1:

B8876041AA5C6FF9590759AB21E5AD6C67CEEEFB

SHA256:

68EC1AA22BF2002DD18186C3CF10F0572DFDD31DC0B8A910C6737C4E076DE45C

SSDEEP:

3:IpLdIn:IM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5036)
      • smadav2025rev1530.tmp (PID: 8168)

    • Changes the autorun value in the registry

      • SMΔRTP.exe (PID: 5036)

    • JEEFO has been detected

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 3920)
      • SMΔRTP.exe (PID: 8072)

    • Uses Task Scheduler to run other applications

      • SMΔRTP.exe (PID: 5036)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • smadav2024rev152.exe (PID: 1296)
      • smadav2024rev152.exe (PID: 7128)
      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5036)
      • smadav2025rev1530.exe (PID: 7108)
      • smadav2025rev1530.exe (PID: 6964)
      • smadav2025rev1530.tmp (PID: 8168)

    • Reads security settings of Internet Explorer

      • smadav2024rev152.tmp (PID: 8136)
      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5036)
      • smadav2025rev1530.tmp (PID: 7680)
      • smadav2025rev1530.tmp (PID: 8168)
      • SMΔRTP.exe (PID: 8072)
      • SMΔRTP.exe (PID: 3920)

    • Process drops legitimate windows executable

      • smadav2024rev152.tmp (PID: 7600)
      • smadav2025rev1530.tmp (PID: 8168)

    • The process verifies whether the antivirus software is installed

      • smadav2024rev152.tmp (PID: 7600)
      • schtasks.exe (PID: 6736)
      • conhost.exe (PID: 6728)
      • SmadavProtect64.exe (PID: 7748)
      • SMΔRTP.exe (PID: 5308)
      • SMΔRTP.exe (PID: 5036)
      • msedge.exe (PID: 8060)
      • regsvr32.exe (PID: 8024)
      • schtasks.exe (PID: 2548)
      • smadav2025rev1530.tmp (PID: 8168)
      • SmadavProtect64.exe (PID: 7716)
      • SMΔRTP.exe (PID: 8072)
      • SMΔRTP.exe (PID: 3920)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1612)
      • regsvr32.exe (PID: 8092)
      • regsvr32.exe (PID: 1356)

    • Searches for installed software

      • smadav2024rev152.tmp (PID: 7600)
      • smadav2025rev1530.tmp (PID: 8168)

    • Application launched itself

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 8072)

    • Checks Windows Trust Settings

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 8072)
      • SMΔRTP.exe (PID: 3920)

    • Reads the Windows owner or organization settings

      • smadav2025rev1530.tmp (PID: 8168)

    • Uses TASKKILL.EXE to kill process

      • smadav2025rev1530.tmp (PID: 8168)

    • Reads Microsoft Outlook installation path

      • SMΔRTP.exe (PID: 3920)

    • Creates file in the systems drive root

      • SMΔRTP.exe (PID: 3920)

  • INFO

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 6756)

    • The process uses the downloaded file

      • msedge.exe (PID: 2600)
      • WinRAR.exe (PID: 7384)
      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5036)
      • msedge.exe (PID: 2412)
      • smadav2025rev1530.tmp (PID: 8168)
      • SMΔRTP.exe (PID: 8072)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 7384)
      • msedge.exe (PID: 7692)
      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5036)
      • smadav2025rev1530.tmp (PID: 8168)

    • Reads the computer name

      • identity_helper.exe (PID: 7720)
      • smadav2024rev152.tmp (PID: 8136)
      • smadav2024rev152.tmp (PID: 7600)
      • SmadavProtect64.exe (PID: 7748)
      • SMΔRTP.exe (PID: 5308)
      • SMΔRTP.exe (PID: 5036)
      • smadav2025rev1530.tmp (PID: 7680)
      • smadav2025rev1530.tmp (PID: 8168)
      • SmadavProtect64.exe (PID: 7716)
      • SMΔRTP.exe (PID: 8072)
      • SMΔRTP.exe (PID: 3920)

    • Checks supported languages

      • smadav2024rev152.tmp (PID: 8136)
      • identity_helper.exe (PID: 7720)
      • smadav2024rev152.exe (PID: 1296)
      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5036)
      • smadav2024rev152.exe (PID: 7128)
      • SmadavProtect64.exe (PID: 7748)
      • SMΔRTP.exe (PID: 5308)
      • smadav2025rev1530.tmp (PID: 7680)
      • smadav2025rev1530.exe (PID: 6964)
      • smadav2025rev1530.tmp (PID: 8168)
      • smadav2025rev1530.exe (PID: 7108)
      • SMΔRTP.exe (PID: 3920)
      • SMΔRTP.exe (PID: 8072)
      • SmadavProtect64.exe (PID: 7716)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7384)
      • msedge.exe (PID: 7692)
      • msedge.exe (PID: 2412)
      • msedge.exe (PID: 6372)

    • Manual execution by a user

      • notepad.exe (PID: 6756)
      • smadav2024rev152.exe (PID: 1296)
      • WinRAR.exe (PID: 7384)

    • Create files in a temporary directory

      • smadav2024rev152.exe (PID: 1296)
      • smadav2024rev152.exe (PID: 7128)
      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5308)
      • smadav2025rev1530.tmp (PID: 8168)
      • smadav2025rev1530.exe (PID: 6964)
      • SMΔRTP.exe (PID: 3920)

    • Reads Environment values

      • identity_helper.exe (PID: 7720)

    • Process checks computer location settings

      • smadav2024rev152.tmp (PID: 8136)
      • SMΔRTP.exe (PID: 5036)
      • smadav2025rev1530.tmp (PID: 7680)
      • smadav2025rev1530.tmp (PID: 8168)
      • SMΔRTP.exe (PID: 8072)

    • Application launched itself

      • msedge.exe (PID: 2412)

    • The sample compiled with Indonesian language support

      • smadav2024rev152.tmp (PID: 7600)
      • smadav2025rev1530.tmp (PID: 8168)

    • Creates files in the program directory

      • smadav2024rev152.tmp (PID: 7600)
      • SMΔRTP.exe (PID: 5036)
      • smadav2025rev1530.tmp (PID: 8168)

    • Creates a software uninstall entry

      • smadav2024rev152.tmp (PID: 7600)
      • smadav2025rev1530.tmp (PID: 8168)

    • Creates files or folders in the user directory

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 8072)

    • Reads the machine GUID from the registry

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 3920)
      • SMΔRTP.exe (PID: 8072)

    • Checks proxy server information

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 3920)
      • SMΔRTP.exe (PID: 8072)

    • Reads the software policy settings

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 8072)
      • SMΔRTP.exe (PID: 3920)

    • FSG packer has been detected

      • SMΔRTP.exe (PID: 5036)
      • SMΔRTP.exe (PID: 5308)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
249
Monitored processes
114
Malicious processes
10
Suspicious processes
3

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs msedge.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notepad.exe no specs smadav2024rev152.exe smadav2024rev152.tmp no specs msedge.exe smadav2024rev152.exe smadav2024rev152.tmp msedge.exe no specs msedge.exe no specs regsvr32.exe no specs #JEEFO smδrtp.exe schtasks.exe no specs conhost.exe no specs smadavprotect64.exe no specs smδrtp.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs regsvr32.exe no specs regsvr32.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs schtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs smadav2025rev1530.exe smadav2025rev1530.tmp no specs smadav2025rev1530.exe smadav2025rev1530.tmp taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs regsvr32.exe no specs #JEEFO smδrtp.exe smadavprotect64.exe no specs #JEEFO smδrtp.exe

Process information

PID
CMD
Path
Indicators
Parent process
1220"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3128 --field-trial-handle=2336,i,1676568974876022752,17572068628985558118,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1296"C:\Users\admin\Downloads\_Getintopc.com_Smadav_Pro_2024_v15.2\Smadav_Pro_2024_v15.2\smadav2024rev152.exe" C:\Users\admin\Downloads\_Getintopc.com_Smadav_Pro_2024_v15.2\Smadav_Pro_2024_v15.2\smadav2024rev152.exe
explorer.exe
User:
admin
Company:
Smadsoft
Integrity Level:
MEDIUM
Description:
SMADAV Setup
Version:
15.2.0.3
Modules
Images
c:\users\admin\downloads\_getintopc.com_smadav_pro_2024_v15.2\smadav_pro_2024_v15.2\smadav2024rev152.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7604 --field-trial-handle=2336,i,1676568974876022752,17572068628985558118,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1348"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6988 --field-trial-handle=2336,i,1676568974876022752,17572068628985558118,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1356"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\SMADAV\SmadExtMenu64.dll"C:\Windows\System32\regsvr32.exesmadav2025rev1530.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1412"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7724 --field-trial-handle=2336,i,1676568974876022752,17572068628985558118,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1612"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\SMADAV\SmadExtMenu64.dll"C:\Windows\System32\regsvr32.exesmadav2024rev152.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1620\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeschtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2012"C:\Windows\System32\taskkill.exe" /f /im SmadavSecondaryUpdater.exeC:\Windows\SysWOW64\taskkill.exesmadav2025rev1530.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2124"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7852 --field-trial-handle=2336,i,1676568974876022752,17572068628985558118,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
29 057
Read events
28 798
Write events
229
Delete events
30

Modification events

(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(2412) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
7FC9C9054C8A2F00
(PID) Process:(2412) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
BA56D8054C8A2F00
(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328352
Operation:writeName:WindowTabManagerFileMappingId
Value:
{7FA0C3E9-6D5E-43C8-9AB9-84645E1878C1}
(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328352
Operation:writeName:WindowTabManagerFileMappingId
Value:
{2E13F37C-60CE-4C08-85F9-F0E9C37E2E34}
(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328352
Operation:writeName:WindowTabManagerFileMappingId
Value:
{F26076C3-10E2-4FB6-A92A-F2738E7DD575}
(PID) Process:(2412) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328352
Operation:writeName:WindowTabManagerFileMappingId
Value:
{42573DA7-70B8-4295-B94D-2F5F857DFE29}
Executable files
67
Suspicious files
706
Text files
153
Unknown types
6

Dropped files

PID
Process
Filename
Type
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF13524a.TMP
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF13524a.TMP
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF135259.TMP
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF135259.TMP
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF135259.TMP
MD5:
SHA256:
2412msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
79
TCP/UDP connections
227
DNS requests
223
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4804
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9cf951df-e7db-4d00-b0fc-02131f5ca303?P1=1736934383&P2=404&P3=2&P4=F93cH8k7w0hY6HE%2b9gsajr1pOOpuc6wbLLyBzSG7QbRbzwApQ2OosqFpjwfohar08FCNTH%2bMXS0t6j4NDAo5fg%3d%3d
unknown
whitelisted
6736
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
520
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
520
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4804
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9cf951df-e7db-4d00-b0fc-02131f5ca303?P1=1736934383&P2=404&P3=2&P4=F93cH8k7w0hY6HE%2b9gsajr1pOOpuc6wbLLyBzSG7QbRbzwApQ2OosqFpjwfohar08FCNTH%2bMXS0t6j4NDAo5fg%3d%3d
unknown
whitelisted
4804
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9cf951df-e7db-4d00-b0fc-02131f5ca303?P1=1736934383&P2=404&P3=2&P4=F93cH8k7w0hY6HE%2b9gsajr1pOOpuc6wbLLyBzSG7QbRbzwApQ2OosqFpjwfohar08FCNTH%2bMXS0t6j4NDAo5fg%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
880
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.218.209.163:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
104.126.37.170:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
6372
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
  • 2.16.164.49
  • 2.16.164.72
whitelisted
www.microsoft.com
  • 23.218.209.163
  • 2.23.246.101
  • 95.101.149.131
whitelisted
www.bing.com
  • 104.126.37.170
  • 104.126.37.130
  • 104.126.37.144
  • 104.126.37.123
  • 104.126.37.171
  • 104.126.37.153
  • 104.126.37.178
  • 104.126.37.131
  • 104.126.37.128
  • 2.23.227.215
  • 2.23.227.208
  • 104.126.37.163
  • 104.126.37.169
  • 104.126.37.161
  • 104.126.37.179
  • 104.126.37.162
  • 104.126.37.185
  • 104.126.37.154
  • 104.126.37.139
  • 104.126.37.155
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 184.30.131.245
  • 2.23.77.188
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
getintopc.com
  • 172.67.75.211
  • 104.26.0.196
  • 104.26.1.196
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

PID
Process
Class
Message
6372
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6372
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6372
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6372
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6372
msedge.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
6372
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6372
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6372
msedge.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
getintopc.com