| URL: | https://getrunkhomuto.info/VEtTa1BrKCBWCjoZJT0WAhwBWmE6EgUlFwwMEQcGARkLMj0dbTIJJGl7dRk1MHZiTSM5dmJddj92dR1tZWVgX35nfX1fdic/IFZgcjshBW1kbTYGMml6dR85MHZqUmRhfWdNIiwyblpkYHsMUmBkbToFM2lzdR5teXl1DSNpenUZNTJ2Ox8kJDh2WBFxeRVOYhI9Og8jJih9GCQmLjIGdWYNIxk/JigjTmISET49PQ4PBQYfEwJnMT0GIRw8BWEFPj5jDg8FAB0+GTomOgIjHCwZLQUpKmYNewkAMhIdBDg9YR8xBzsuERUxFwF5ASMeAh0JCRUkGgQ/EicYPzEFACcZJQMcCRY+B2E8Ni0WJgUGDzs2JgFfBWQjGQ88GjoCBwI9HikHIAAdBV8JAgUEPzw4BB4jOB4fPhMHMQwdPAoTegQ4FiR5CgACPy9hLRcFJQEKMjlzKTIGAnsxBx4DHzgDOQYTHloEAhkEJgYSODIvBgYdPwRgAxxiOR0TBiolGA4EMSMSZh0EGzEBJwkeChINMiZiPAwJPTNhLgZfKgYlAQEHEjtjMj1hAR0tICcRKSkHNh4JLwc/IyQlFjA6Mi4GPCk+ExgOAyM4A2R/KT4+DhEFBRI1ERQbEwMMBRkfAicEOBYkGQUjIDUYYiUjDgMJJDI4AR0/PiQkNwc7LREUUjg2EwEYBhEvBCU8En0xLgoMKT0pBwMdCTEdZR0hPQQWKjIAFmISBT0nBnoVPjITDTkmYR44BT4KPgZhJSIODD8zMgINZTwEFTMdLmECERs5BwV4ATwKAzMgOT0eHDERBgAdPzFlAXsFAB0TGSE5OgYjMloaAREFAycFegEtHQMzOAkIFjoFWWBhGThSBQcnCT4xLg0DPQcgGDcsGgwvGzEINhwrIQYCGTI5PQIMBAZpByk4XycDJwEEMgMFJwljHiAePmUaHRReOzV7JBw1EjsAOWENewYHNGQFPwcGAyUFJAI/OyY9OwYdMAc0EgQXIQcCeDszBgIvFDgWATI2LxI/GTgbIQAPEhMeAh0EMRgeIwVZJGASBQM/MSBmGR0CAQY9YxY7CjwgPxhiLigODxk8BmcGJDEFAXoxWRUsKBcxOzYfPwMKAhkAJhYePgpYIAcuCzonAno7AB1mBRU9CA4FBT0FLR1hXgcADQk9ChwNACYWDgIKPxpgHjhaFgYgNzEyHAoqPjswGR0tFSMpFQM7NhwBHgYQBSQ4YGUSBwcWPB0+EwQOHQU5HT88Kzo8EhwxLAIkHRU5PwYNHhEEPwE4CRcsKgpbCiIGPiUYARMjAAY4ICkyKhV+AT0CEh04OToZewYcBQABHAo7LH0AMzwEHBZeGQAPHTwEEw0gCRcgBDE/AmcdBB8xNXo3LAI+GR8mYCQkBz44NS8ULQYGJQEkMhIRPD88AioeBgYRGT5SMQZ5AS0FOBEdJQVhDDAtGgIpCwxgARwjAAcSLwckCB4HHgcKLB8EHzsHDiATBQAdOzkGJBsEAAobGWI5JDENFSUxZH4JMQUCKgY8AhIePzk6Bh5mXwUDemc/FhEyBjMaBx0WMWQBHxUKMgF/Kzg9ZRMALAIRHj8PZAAeZxwEAAkfDjwkAwcBHiMFPiYqDg8RPTU/OyY9ByQABywCIBwLDx81eSAcBWZ+ADpgZR03Ljg4GTgbFQAnCSQBOCcEPwgwHAQsI2QdPzkSGQwVPgQ/cgY5FWEACT44AygVMRQbHx0kMgMZOzI7AgEeAGUlGj0lAxkgChEGPxEkCBcCHQcFOBoGOT0DDg4JBAcTHSc8CDgRBT83LB0/MRMADBkzChIvCT1gDiQFLCQfKWNaGAcnBSUGZBEVPgckCR4tIBMYPhsCMSY0WwoTOCQPYh0yMSMCDh0WGxkNIREgNDgOKiUFMBEELgojEmFeBjAgYxExEBk6Jjo4DAVaNBooPi0XBhM3CgYuJ2UyOhIENz5lEhw4MTExIAkoBWUFKSY9Gn4cPjwDKRQMYAAhGTk1AiQrMRYkHzIRO2YSOSUfAHoZMwY+HQM9PA4/BS8aPgY/Mio2DTc+BxIRAj06HhwwWRomHjkpBAIeZiMHPgEZDzwBMh49ID4pBz0oAh4FGAcCJyA+PCQqHi5gZBI4MR8Fe2YsMRE7HD1gZTIGWjRgHxZeCBkeBSYdAwYqPWJlDActBgMYOAMeNh0JPglmeiAIYG0DHT8CDBk+CGANHjcKNDgnJwoWHh8ALT9lH2M+ZBkeYjMdASMcCmAOfwYHNCcdYxNmBiZqAQJkOyI/YAYMBz0dIy8UEwICDSNfBgEjPDhhOzwdPTQbHRYiJw0dOyQzEiQrPDoaITEzAhgSBjkHGg0eHDQRegc9YR5/BDxlEx8/ByEAIAkCAmURBz5iJAwxPmEDERU5HxkOIycHOTMkORYeHDEjAjwZCzonASZmAB4CGSAKGBYeAC4aLh8XKmUGDAE9BDoRCz0qBjIFLxo7HgZaGQAlNzgdHAYrPTwGBDc+YQAEFy0FGR4jOgZmOGI+PQI+AgU8NSk9KSkAIRE4MhIRCw9jDh0ELiBnEgQTBwIdAV0BPwEHOQUCfgc8KDUvYi0FNg0BPzU/DmI+PSd+MQcVLRw+LQI2HSMzBjkzACYGJBMJLmU+KmA5Jw17BR00ZHIaMRVtGwQsAWUcODk7GiBqIx8MJwQ5BzwSCj8WIyoVMioAHxkABhF/Yj4HZQAyWiADKhY9OzYfFhIJAREkCBYOHgkjGgEZBRspASc7IDQCOwU5PDAEAQZpYhw9AGQaHRkjHgEBOj0XBh8FARITKDhaCQUlHSQDEREiPRU8CAQHPCAEFwB9ciQgGW0iIjcYIjdlIB8iMSo+TTonP25TdjElIVZgcicwHjFpJjwROTgnMk5iEn59W3Vme3sGMTciPR8/JyN2WBJxeWMCPiAuP05iZCYyCHVmezwYdWZ7K05iZHpjNGFhFGRCdWZ7MhsgOC4kDjI/IidOYhJ+YFx+Z312WWB8IDsfPThuYSh1Zns/AjsxbmFbNzEoOAR5cXljCDgmJD4OdWYNYlljent9W35kbmFbIzUtMhk5cXkVXmNjZWBddWZ7PBsicXkVWmBtZWNFYHp7dR8qMHZ+XnYhJzwIbXIiNVZgcignVmNyKCcIbWRtDFw3HnNuWmdlc2ZbaGx6ZFhhY20mHyJldh0KHm4FMiVqGiodTSUgOWFWHjUFdR4kJnhuJTEabSYfImB2JgU0MS06BTUwbSYfImF2JgU0MS06BTUwbSYfImJ2JgU0MS06BTUwbSYfImN2JgU0MS06BTUwbSUKPD0vblo= |
| Full analysis: | https://app.any.run/tasks/7b506489-2546-484f-824e-d8818ae2aa5d |
| Verdict: | Malicious activity |
| Analysis date: | June 17, 2024, 10:27:42 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MD5: | CBA689FED4A094940DE11F0E9D393F7D |
| SHA1: | 4657487F1CDFB25757FD649586C1AD46DE69E5E8 |
| SHA256: | 89E0BABA46876AE2A416C20773688DF056CD92D9953FFED84EDEB9E00A5F8FD6 |
| SSDEEP: | 96:Y4D2NL2zk5I7hMKEp5U5k+K2mqJ07eNbXTS:Y4Dy2vhMKEpH3j7eNbXTS |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 936 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=4164 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Version: 109.0.1518.115 |
| 1212 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1512 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:2 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Version: 109.0.1518.115 |
| 1468 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2424 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Version: 109.0.1518.115 |
| 1488 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 109.0.1518.115 |
| 1576 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3712 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Version: 109.0.1518.115 |
| 1812 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3284 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Version: 109.0.1518.115 |
| 1856 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 109.0.1518.115 |
| 1876 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1612 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Version: 109.0.1518.115 |
| 1960 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3492 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Version: 109.0.1518.115 |
| 2020 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2332 --field-trial-handle=1296,i,14029577748538896900,8743974764652221325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 109.0.1518.115 |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | write | failed_count | 0 |
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | write | state | 2 |
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | write | StatusCodes | |
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | write | StatusCodes | 01000000 |
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | write | state | 1 |
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | write | dr | 1 |
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics | write | user_experience_metrics.stability.exited_cleanly | 0 |
| 3996 | msedge.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | write | S-1-5-21-1302019708-1500728564-335382590-1000 | B5BB2EB3A9792F00 |
| 3996 | msedge.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault | delete value | S-1-5-21-1302019708-1500728564-335382590-1000 | |
| 3996 | msedge.exe | HKEY_CURRENT_USER\Software\Microsoft\Edge | write | UsageStatsInSample | 1 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF102b57.TMP | — | — | — |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | — | — |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF102b67.TMP | — | — | — |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | — | — | — |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF102b77.TMP | — | — | — |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF102c23.TMP | — | — | — |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | — | — | — |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | binary | A6EBC0D32A7B9304824D19DB63B4E37A | E991057C2B1718A151C5FD06E1C153F57130D195454A1F94C8C4C20971697093 |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old | text | 646FEFDB4D82709E3056F5C71953783C | 7B83D8689750F64D31016F1E8AC2A4EB9D7DB406E4C9C66211D4ED17DEBFEAD9 |
| 3996 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF102b48.TMP | text | 72265FBF816F9AAE473C0CEB421DE724 | C549BD4A176A3744A5D91391D311E28F0503BB69213E38835A1CB213038D938C |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 3996 | msedge.exe | 239.255.255.250:1900 | — | — | — | unknown |
| 1088 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
| 2040 | msedge.exe | 3.160.150.5:443 | getrunkhomuto.info | — | US | unknown |
| 2040 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
| 2040 | msedge.exe | 13.107.43.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 2040 | msedge.exe | 139.45.197.239:443 | dukirliaon.com | RETN Limited | GB | unknown |
| 2040 | msedge.exe | 139.45.197.236:443 | yonmewon.com | RETN Limited | GB | unknown |
| 2040 | msedge.exe | 139.45.195.8:443 | my.rtmark.net | RETN Limited | GB | unknown |
| Domain | IP | Reputation |
|---|---|---|
| getrunkhomuto.info | | unknown |
| config.edge.skype.com | | whitelisted |
| edge.microsoft.com | | whitelisted |
| dukirliaon.com | | unknown |
| yonmewon.com | | unknown |
| my.rtmark.net | | whitelisted |
| www.bing.com | | whitelisted |
| s.click.aliexpress.com | | whitelisted |
| campaign.aliexpress.com | | whitelisted |
| assets.alicdn.com | | whitelisted |
| PID | Process | Class | Message |
|---|---|---|---|
| — | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| — | — | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate |
| — | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com) |
| 2040 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD |
| 2040 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD |