File name:

Release.zip

Full analysis: https://app.any.run/tasks/2c6b532a-5ed7-4204-a3bc-48d3abe1c57b
Verdict: Malicious activity
Analysis date: July 01, 2025, 14:33:04
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
discord
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

F9CBD4EA60E75D1AA642A33907B7C112

SHA1:

19F5BFDD727966D0B3B6469A32E1F72CA53510A2

SHA256:

8C7C3A32F8281A990CA5726FE661ED14798E5ADD2B528554E4440C832F25B4A7

SSDEEP:

98304:QuC0jJC9ku3+3S00gTa5MAgOvTMZO5ED6glLkUn8/vm8Enl90j0mISGjWvaVNcyV:6yXp
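
Before reading a sandbox verdict against a file you hold, confirm you hold the same bytes and look at the archive members without extracting them. The following Python helper is an added example for this page, not ANY.RUN's or the sample's own code: REPORT_IOCS are the three hashes printed in the Indicators block above, and build_sample_zip() is a constructed stand-in archive (not the real Release.zip) so the script runs offline. It reports the same per-member fields the EXIF/ZIP block shows (required version, compression, CRC, sizes) and adds two triage flags: whether a member starts with an MZ header and whether its name would escape the extraction folder.

```python
"""
Sample-identity and archive-member checks for a sandbox report.

Added example, not ANY.RUN's or the sample's code. REPORT_IOCS are the hashes the
report prints for Release.zip; build_sample_zip() is a constructed stand-in archive.
"""
import hashlib
import io
import re
import zipfile

# Hashes the report lists for Release.zip (Indicators block).
REPORT_IOCS = {
    "md5": "F9CBD4EA60E75D1AA642A33907B7C112",
    "sha1": "19F5BFDD727966D0B3B6469A32E1F72CA53510A2",
    "sha256": "8C7C3A32F8281A990CA5726FE661ED14798E5ADD2B528554E4440C832F25B4A7",
}

_COMPRESSION_NAMES = {zipfile.ZIP_STORED: "Stored", zipfile.ZIP_DEFLATED: "Deflated"}


def hash_summary(data: bytes) -> dict:
    """Lowercase hex MD5/SHA1/SHA256 of the bytes: the three fields the report prints."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, iocs: dict = REPORT_IOCS) -> bool:
    """True only when every hash the report lists matches the bytes in hand."""
    got = hash_summary(data)
    return all(got[algo] == value.lower() for algo, value in iocs.items())


def unsafe_member_path(name: str) -> bool:
    """Flag member names that would escape the extraction folder:
    absolute paths, drive letters, or a '..' path component."""
    parts = re.split(r"[\\/]", name)
    return name.startswith(("/", "\\")) or bool(re.match(r"^[A-Za-z]:", name)) or ".." in parts


def zip_member_summary(data: bytes) -> list:
    """Per-member view matching the report's EXIF/ZIP block, plus an MZ-header
    check and a path-traversal check. Only two bytes per member are decompressed."""
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                magic = fh.read(2)
            members.append({
                "name": info.filename,
                "required_version": info.extract_version,
                "compression": _COMPRESSION_NAMES.get(info.compress_type, str(info.compress_type)),
                "crc": f"0x{info.CRC:08x}",
                "compressed_size": info.compress_size,
                "uncompressed_size": info.file_size,
                "looks_like_pe": magic == b"MZ",
                "unsafe_path": unsafe_member_path(info.filename),
            })
    return members


def build_sample_zip() -> bytes:
    """Constructed stand-in archive, NOT the real Release.zip: a fake MZ-headed
    member named like the report's first entry plus a traversal-named member."""
    fake_pe = b"MZ" + b"\x90" * 600 + b"PE\x00\x00" + b"\x00" * 400  # MZ stub only, not runnable
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("brotlicommon.dll", fake_pe)
        zf.writestr("../evil.txt", b"plain text, not a PE")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    print("hashes match report:", matches_report(sample))
    for member in zip_member_summary(sample):
        print(member)
```

For a real file, read its bytes from disk and pass them to matches_report() and zip_member_summary(); a False from matches_report() means the report describes a different sample and its verdict does not transfer.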

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 1356)
    • Changes the autorun value in the registry

      • dxwebsetup.exe (PID: 8036)
    • Executing a file with an untrusted certificate

      • infinst.exe (PID: 8188)
      • infinst.exe (PID: 6268)
      • infinst.exe (PID: 7444)
      • infinst.exe (PID: 6756)
      • infinst.exe (PID: 2612)
      • infinst.exe (PID: 4888)
      • infinst.exe (PID: 1660)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 7256)
      • infinst.exe (PID: 3576)
      • infinst.exe (PID: 7252)
      • infinst.exe (PID: 3760)
      • infinst.exe (PID: 6160)
      • infinst.exe (PID: 7888)
      • infinst.exe (PID: 7132)
      • infinst.exe (PID: 7640)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 3108)
      • infinst.exe (PID: 7276)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 1828)
      • infinst.exe (PID: 2220)
      • infinst.exe (PID: 8076)
      • infinst.exe (PID: 7220)
      • infinst.exe (PID: 5284)
      • infinst.exe (PID: 4864)
      • infinst.exe (PID: 1880)
      • infinst.exe (PID: 7404)
      • infinst.exe (PID: 1712)
      • infinst.exe (PID: 4936)
      • infinst.exe (PID: 1588)
      • infinst.exe (PID: 7316)
      • infinst.exe (PID: 2952)
      • infinst.exe (PID: 1636)
      • infinst.exe (PID: 6800)
      • infinst.exe (PID: 4232)
      • infinst.exe (PID: 1480)
      • infinst.exe (PID: 5084)
      • infinst.exe (PID: 6936)
      • infinst.exe (PID: 6228)
      • infinst.exe (PID: 320)
      • infinst.exe (PID: 5744)
      • infinst.exe (PID: 1392)
      • infinst.exe (PID: 8000)
      • infinst.exe (PID: 4084)
      • infinst.exe (PID: 6648)
      • infinst.exe (PID: 2404)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 7452)
      • infinst.exe (PID: 6980)
      • infinst.exe (PID: 1868)
      • infinst.exe (PID: 1212)
      • infinst.exe (PID: 8068)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 7244)
      • infinst.exe (PID: 6716)
      • infinst.exe (PID: 6212)
      • infinst.exe (PID: 7884)
      • infinst.exe (PID: 6188)
      • infinst.exe (PID: 7860)
      • infinst.exe (PID: 7872)
      • infinst.exe (PID: 7868)
      • infinst.exe (PID: 7360)
      • infinst.exe (PID: 7676)
      • infinst.exe (PID: 4960)
      • infinst.exe (PID: 4948)
      • infinst.exe (PID: 7980)
      • infinst.exe (PID: 7364)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 2168)
      • infinst.exe (PID: 6372)
      • infinst.exe (PID: 7720)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 8076)
    • Registers / Runs the DLL via REGSVR32.EXE

      • dxwsetup.exe (PID: 7724)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • dxwsetup.exe (PID: 7724)
    • Process drops legitimate windows executable

      • msedge.exe (PID: 2732)
      • msedge.exe (PID: 2080)
      • dxwebsetup.exe (PID: 8036)
      • dxwsetup.exe (PID: 7724)
      • infinst.exe (PID: 8188)
      • infinst.exe (PID: 7444)
      • infinst.exe (PID: 6268)
      • infinst.exe (PID: 2612)
      • infinst.exe (PID: 4888)
      • infinst.exe (PID: 1660)
      • infinst.exe (PID: 6756)
      • infinst.exe (PID: 3576)
      • infinst.exe (PID: 7256)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 7252)
      • infinst.exe (PID: 6160)
      • infinst.exe (PID: 7888)
      • infinst.exe (PID: 7132)
      • infinst.exe (PID: 3760)
      • infinst.exe (PID: 7640)
      • infinst.exe (PID: 3108)
      • infinst.exe (PID: 1828)
      • infinst.exe (PID: 7276)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 2220)
      • infinst.exe (PID: 7220)
      • infinst.exe (PID: 8076)
      • infinst.exe (PID: 4864)
      • infinst.exe (PID: 7404)
      • infinst.exe (PID: 5284)
      • infinst.exe (PID: 1880)
      • infinst.exe (PID: 1712)
      • infinst.exe (PID: 1588)
      • infinst.exe (PID: 4936)
      • infinst.exe (PID: 7316)
      • infinst.exe (PID: 2952)
      • infinst.exe (PID: 6800)
      • infinst.exe (PID: 1636)
      • infinst.exe (PID: 4232)
      • infinst.exe (PID: 6936)
      • infinst.exe (PID: 1480)
      • infinst.exe (PID: 5084)
      • infinst.exe (PID: 1392)
      • infinst.exe (PID: 6228)
      • infinst.exe (PID: 320)
      • infinst.exe (PID: 8000)
      • infinst.exe (PID: 6648)
      • infinst.exe (PID: 5744)
      • infinst.exe (PID: 4084)
      • infinst.exe (PID: 7452)
      • infinst.exe (PID: 2404)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 8068)
      • infinst.exe (PID: 1868)
      • infinst.exe (PID: 6980)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 6716)
      • infinst.exe (PID: 1212)
      • infinst.exe (PID: 7860)
      • infinst.exe (PID: 6212)
      • infinst.exe (PID: 7884)
      • infinst.exe (PID: 7244)
      • infinst.exe (PID: 6188)
      • infinst.exe (PID: 7872)
      • infinst.exe (PID: 7868)
      • infinst.exe (PID: 7360)
      • infinst.exe (PID: 4948)
      • infinst.exe (PID: 7676)
      • infinst.exe (PID: 4960)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 7980)
      • infinst.exe (PID: 7364)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 2168)
      • infinst.exe (PID: 6372)
      • infinst.exe (PID: 7720)
      • infinst.exe (PID: 8076)
    • Executable content was dropped or overwritten

      • dxwebsetup.exe (PID: 8036)
      • dxwsetup.exe (PID: 7724)
      • infinst.exe (PID: 7444)
      • infinst.exe (PID: 6268)
      • infinst.exe (PID: 8188)
      • infinst.exe (PID: 6756)
      • infinst.exe (PID: 2612)
      • infinst.exe (PID: 4888)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 3576)
      • infinst.exe (PID: 7256)
      • infinst.exe (PID: 1660)
      • infinst.exe (PID: 7132)
      • infinst.exe (PID: 7252)
      • infinst.exe (PID: 6160)
      • infinst.exe (PID: 7888)
      • infinst.exe (PID: 3760)
      • infinst.exe (PID: 7640)
      • infinst.exe (PID: 3108)
      • infinst.exe (PID: 1828)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 7276)
      • infinst.exe (PID: 2220)
      • infinst.exe (PID: 8076)
      • infinst.exe (PID: 7220)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 7404)
      • infinst.exe (PID: 5284)
      • infinst.exe (PID: 4864)
      • infinst.exe (PID: 1712)
      • infinst.exe (PID: 1588)
      • infinst.exe (PID: 4936)
      • infinst.exe (PID: 1880)
      • infinst.exe (PID: 7316)
      • infinst.exe (PID: 2952)
      • infinst.exe (PID: 6800)
      • infinst.exe (PID: 1636)
      • infinst.exe (PID: 6936)
      • infinst.exe (PID: 4232)
      • infinst.exe (PID: 1480)
      • infinst.exe (PID: 5084)
      • infinst.exe (PID: 1392)
      • infinst.exe (PID: 320)
      • infinst.exe (PID: 6228)
      • infinst.exe (PID: 5744)
      • infinst.exe (PID: 8000)
      • infinst.exe (PID: 4084)
      • infinst.exe (PID: 7452)
      • infinst.exe (PID: 2404)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 6648)
      • infinst.exe (PID: 8068)
      • infinst.exe (PID: 6980)
      • infinst.exe (PID: 1868)
      • infinst.exe (PID: 1212)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 6716)
      • infinst.exe (PID: 7860)
      • infinst.exe (PID: 6212)
      • infinst.exe (PID: 7884)
      • infinst.exe (PID: 7244)
      • infinst.exe (PID: 7872)
      • infinst.exe (PID: 7868)
      • infinst.exe (PID: 6188)
      • infinst.exe (PID: 4948)
      • infinst.exe (PID: 4960)
      • infinst.exe (PID: 7360)
      • infinst.exe (PID: 7676)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 7980)
      • infinst.exe (PID: 7364)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 2168)
      • infinst.exe (PID: 6372)
      • infinst.exe (PID: 7720)
      • infinst.exe (PID: 8076)
    • Reads security settings of Internet Explorer

      • dxwsetup.exe (PID: 7724)
      • ShellExperienceHost.exe (PID: 7764)
    • Executes as Windows Service

      • VSSVC.exe (PID: 3820)
    • Searches for installed software

      • dllhost.exe (PID: 8120)
    • Write to the desktop.ini file (may be used to cloak folders)

      • dxwsetup.exe (PID: 7724)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 7804)
      • dxwsetup.exe (PID: 7724)
      • regsvr32.exe (PID: 8012)
      • regsvr32.exe (PID: 7408)
      • regsvr32.exe (PID: 892)
      • regsvr32.exe (PID: 7160)
      • regsvr32.exe (PID: 7336)
      • regsvr32.exe (PID: 7504)
      • regsvr32.exe (PID: 7028)
      • regsvr32.exe (PID: 7296)
      • regsvr32.exe (PID: 7448)
      • regsvr32.exe (PID: 7072)
      • regsvr32.exe (PID: 952)
      • regsvr32.exe (PID: 3028)
      • regsvr32.exe (PID: 2800)
      • regsvr32.exe (PID: 3400)
      • regsvr32.exe (PID: 7580)
      • regsvr32.exe (PID: 868)
      • regsvr32.exe (PID: 6284)
      • regsvr32.exe (PID: 2664)
      • regsvr32.exe (PID: 620)
      • regsvr32.exe (PID: 2356)
      • regsvr32.exe (PID: 1812)
      • regsvr32.exe (PID: 4196)
      • regsvr32.exe (PID: 4916)
      • regsvr32.exe (PID: 7588)
      • regsvr32.exe (PID: 7212)
      • regsvr32.exe (PID: 7440)
    • Starts CMD.EXE for commands execution

      • Spectacle.exe (PID: 7780)
    • Executes application which crashes

      • Spectacle.exe (PID: 7780)
  • INFO

    • The sample compiled with english language support

      • WinRAR.exe (PID: 1356)
      • msedge.exe (PID: 2732)
      • msedge.exe (PID: 2080)
      • dxwebsetup.exe (PID: 8036)
      • dxwsetup.exe (PID: 7724)
      • infinst.exe (PID: 8188)
      • infinst.exe (PID: 7444)
      • infinst.exe (PID: 6268)
      • infinst.exe (PID: 2612)
      • infinst.exe (PID: 4888)
      • infinst.exe (PID: 1660)
      • infinst.exe (PID: 6756)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 3576)
      • infinst.exe (PID: 7256)
      • infinst.exe (PID: 7252)
      • infinst.exe (PID: 6160)
      • infinst.exe (PID: 7888)
      • infinst.exe (PID: 7132)
      • infinst.exe (PID: 3760)
      • infinst.exe (PID: 7640)
      • infinst.exe (PID: 3108)
      • infinst.exe (PID: 1828)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 7276)
      • infinst.exe (PID: 2220)
      • infinst.exe (PID: 8076)
      • infinst.exe (PID: 7220)
      • infinst.exe (PID: 4864)
      • infinst.exe (PID: 7404)
      • infinst.exe (PID: 5284)
      • infinst.exe (PID: 1880)
      • infinst.exe (PID: 1712)
      • infinst.exe (PID: 1588)
      • infinst.exe (PID: 4936)
      • infinst.exe (PID: 7316)
      • infinst.exe (PID: 2952)
      • infinst.exe (PID: 6800)
      • infinst.exe (PID: 1636)
      • infinst.exe (PID: 6936)
      • infinst.exe (PID: 1480)
      • infinst.exe (PID: 4232)
      • infinst.exe (PID: 1392)
      • infinst.exe (PID: 6228)
      • infinst.exe (PID: 320)
      • infinst.exe (PID: 5084)
      • infinst.exe (PID: 5744)
      • infinst.exe (PID: 8000)
      • infinst.exe (PID: 4084)
      • infinst.exe (PID: 7452)
      • infinst.exe (PID: 2404)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 6648)
      • infinst.exe (PID: 8068)
      • infinst.exe (PID: 6980)
      • infinst.exe (PID: 1868)
      • infinst.exe (PID: 1212)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 6716)
      • infinst.exe (PID: 7860)
      • infinst.exe (PID: 6212)
      • infinst.exe (PID: 7884)
      • infinst.exe (PID: 7244)
      • infinst.exe (PID: 6188)
      • infinst.exe (PID: 7872)
      • infinst.exe (PID: 7868)
      • infinst.exe (PID: 7360)
      • infinst.exe (PID: 4948)
      • infinst.exe (PID: 7676)
      • infinst.exe (PID: 4960)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 7980)
      • infinst.exe (PID: 7364)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 2168)
      • infinst.exe (PID: 6372)
      • infinst.exe (PID: 7720)
      • infinst.exe (PID: 8076)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1356)
      • msedge.exe (PID: 2732)
      • msedge.exe (PID: 2080)
    • Checks supported languages

      • identity_helper.exe (PID: 7580)
      • dxwebsetup.exe (PID: 8036)
      • identity_helper.exe (PID: 4828)
      • dxwsetup.exe (PID: 7724)
      • infinst.exe (PID: 8188)
      • infinst.exe (PID: 7444)
      • infinst.exe (PID: 6268)
      • infinst.exe (PID: 6756)
      • infinst.exe (PID: 2612)
      • infinst.exe (PID: 4888)
      • infinst.exe (PID: 1660)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 3576)
      • infinst.exe (PID: 7256)
      • infinst.exe (PID: 7252)
      • infinst.exe (PID: 6160)
      • infinst.exe (PID: 7888)
      • infinst.exe (PID: 7132)
      • infinst.exe (PID: 7640)
      • infinst.exe (PID: 3108)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 3760)
      • infinst.exe (PID: 7276)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 1828)
      • infinst.exe (PID: 2220)
      • infinst.exe (PID: 8076)
      • infinst.exe (PID: 5284)
      • infinst.exe (PID: 4864)
      • infinst.exe (PID: 1880)
      • infinst.exe (PID: 7404)
      • infinst.exe (PID: 7220)
      • infinst.exe (PID: 1712)
      • infinst.exe (PID: 1588)
      • infinst.exe (PID: 4936)
      • infinst.exe (PID: 7316)
      • infinst.exe (PID: 2952)
      • infinst.exe (PID: 6800)
      • infinst.exe (PID: 1636)
      • infinst.exe (PID: 6936)
      • infinst.exe (PID: 4232)
      • infinst.exe (PID: 1480)
      • infinst.exe (PID: 5084)
      • infinst.exe (PID: 1392)
      • infinst.exe (PID: 6228)
      • infinst.exe (PID: 320)
      • infinst.exe (PID: 4084)
      • infinst.exe (PID: 8000)
      • infinst.exe (PID: 6648)
      • infinst.exe (PID: 5744)
      • infinst.exe (PID: 7452)
      • infinst.exe (PID: 2404)
      • infinst.exe (PID: 7976)
      • infinst.exe (PID: 8068)
      • infinst.exe (PID: 6980)
      • infinst.exe (PID: 1868)
      • infinst.exe (PID: 1212)
      • infinst.exe (PID: 3900)
      • infinst.exe (PID: 6716)
      • infinst.exe (PID: 7244)
      • infinst.exe (PID: 6212)
      • infinst.exe (PID: 7884)
      • infinst.exe (PID: 6188)
      • infinst.exe (PID: 7860)
      • infinst.exe (PID: 7872)
      • infinst.exe (PID: 7868)
      • infinst.exe (PID: 7360)
      • infinst.exe (PID: 7676)
      • infinst.exe (PID: 4960)
      • infinst.exe (PID: 4948)
      • infinst.exe (PID: 2632)
      • infinst.exe (PID: 7980)
      • infinst.exe (PID: 7364)
      • infinst.exe (PID: 7740)
      • infinst.exe (PID: 2168)
      • infinst.exe (PID: 6372)
      • infinst.exe (PID: 7720)
      • Spectacle.exe (PID: 7780)
      • infinst.exe (PID: 8076)
      • identity_helper.exe (PID: 1028)
      • ShellExperienceHost.exe (PID: 7764)
    • Reads the computer name

      • identity_helper.exe (PID: 7580)
      • identity_helper.exe (PID: 4828)
      • dxwsetup.exe (PID: 7724)
      • Spectacle.exe (PID: 7780)
      • identity_helper.exe (PID: 1028)
      • ShellExperienceHost.exe (PID: 7764)
    • Manual execution by a user

      • Spectacle.exe (PID: 5168)
      • msedge.exe (PID: 2080)
      • Spectacle.exe (PID: 7780)
    • Reads Environment values

      • identity_helper.exe (PID: 7580)
      • identity_helper.exe (PID: 4828)
      • identity_helper.exe (PID: 1028)
    • Launching a file from a Registry key

      • dxwebsetup.exe (PID: 8036)
    • Application launched itself

      • msedge.exe (PID: 2080)
      • msedge.exe (PID: 8100)
      • msedge.exe (PID: 1148)
      • msedge.exe (PID: 6288)
    • Create files in a temporary directory

      • dxwebsetup.exe (PID: 8036)
      • dxwsetup.exe (PID: 7724)
    • Reads the software policy settings

      • dxwsetup.exe (PID: 7724)
      • slui.exe (PID: 7284)
      • WerFault.exe (PID: 7356)
    • Reads the machine GUID from the registry

      • dxwsetup.exe (PID: 7724)
    • Creates files or folders in the user directory

      • dxwsetup.exe (PID: 7724)
      • WerFault.exe (PID: 7356)
    • Checks proxy server information

      • dxwsetup.exe (PID: 7724)
      • slui.exe (PID: 7284)
      • WerFault.exe (PID: 7356)
    • Manages system restore points

      • SrTasks.exe (PID: 7560)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2025:06:06 16:28:10
ZipCRC: 0x99dc6e8a
ZipCompressedSize: 64155
ZipUncompressedSize: 137728
ZipFileName: brotlicommon.dll
No data.
All screenshots are available in the full report
Total processes
341
Monitored processes
186
Malicious processes
78
Suspicious processes
0

Behavior graph

start winrar.exe rundll32.exe no specs spectacle.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs dxwebsetup.exe no specs dxwebsetup.exe dxwsetup.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs SPPSurrogate no specs vssvc.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs infinst.exe infinst.exe infinst.exe msedge.exe no specs infinst.exe infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe msedge.exe no specs msedge.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe 
regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe msedge.exe no specs infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe infinst.exe infinst.exe infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs infinst.exe infinst.exe infinst.exe infinst.exe infinst.exe infinst.exe regsvr32.exe no specs infinst.exe regsvr32.exe no specs SPPSurrogate no specs spectacle.exe msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs shellexperiencehost.exe no specs werfault.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
320
CMD:
C:\Users\admin\AppData\Local\Temp\DX209F.tmp\infinst.exe XACT3_1_x64.inf
Path:
C:\Users\admin\AppData\Local\Temp\DX209F.tmp\infinst.exe
Parent process:
dxwsetup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\dx209f.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
620
CMD:
C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\xactengine3_4.dll
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
dxwsetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
856
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://discord.gg/varpud
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
868
CMD:
C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\XAudio2_2.dll
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
dxwsetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
892
CMD:
C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\xactengine2_3.dll
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
dxwsetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
952
CMD:
C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\xactengine3_0.dll
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
dxwsetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
952
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5280,i,16280234058547015776,13885449001611653071,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1028
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3908,i,15780404220760798778,1530311804783975733,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
1148
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/varpud
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1212
CMD:
C:\Users\admin\AppData\Local\Temp\DX209F.tmp\infinst.exe X3DAudio1_6_x64.inf
Path:
C:\Users\admin\AppData\Local\Temp\DX209F.tmp\infinst.exe
Parent process:
dxwsetup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\dx209f.tmp\infinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
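
The process table above shows the chains worth turning into detections: cmd.exe (itself started by Spectacle.exe, per the signature list) launching msedge.exe with https://discord.gg/varpud (PID 1148, with an Edge relaunch as PID 856), dxwsetup.exe running infinst.exe out of %TEMP%\DX209F.tmp (PIDs 320, 1212), and dxwsetup.exe driving silent regsvr32.exe /s registrations (PID 620). The Python below is an added example, not ANY.RUN output: EVENTS are constructed process-creation records in Sysmon Event ID 1 shape, built from the PIDs, images and command lines printed on this page. Anything marked ASSUMED or CONSTRUCTED in the comments (the explorer placeholder PID, the cmd.exe PID and command line, the WinRAR, Spectacle.exe and dxwsetup.exe image paths, the parent of PID 856) is not on the page and is there only to complete the chains. Note that the report itself lists PID 952 for both a regsvr32.exe and an msedge.exe renderer, so a real implementation must key on a process GUID rather than the PID.

```python
"""
Detection pass over process-creation events, modelled on this report's process
table. Added example, not ANY.RUN output. Records marked "report" carry values
printed on the page; ASSUMED / CONSTRUCTED values are not on the page.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the new process
    cmdline: str


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
INFINST = r"C:\Users\admin\AppData\Local\Temp\DX209F.tmp\infinst.exe"
EXPLORER_PID = 4000   # CONSTRUCTED placeholder for the user's shell

EVENTS = [
    # report PID 1356: WinRAR extracted Release.zip to Desktop\Release (WinRAR path ASSUMED)
    ProcEvent(1356, EXPLORER_PID, r"C:\Program Files\WinRAR\WinRAR.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Release.zip"'),
    # report PID 7780: Spectacle.exe, manual execution, starts cmd.exe (path ASSUMED)
    ProcEvent(7780, EXPLORER_PID, r"C:\Users\admin\Desktop\Release\Spectacle.exe",
              r'"C:\Users\admin\Desktop\Release\Spectacle.exe"'),
    # cmd.exe: PID and command line CONSTRUCTED (report shows it only as msedge's parent)
    ProcEvent(7900, 7780, r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\cmd.exe"'),
    # report PID 1148: Edge started by cmd.exe with the invite URL
    ProcEvent(1148, 7900, EDGE, f'"{EDGE}" --single-argument https://discord.gg/varpud'),
    # report PID 856: Edge relaunch with the same URL, parent msedge.exe (parent PID ASSUMED)
    ProcEvent(856, 1148, EDGE, f'"{EDGE}" --edge-skip-compat-layer-relaunch --single-argument https://discord.gg/varpud'),
    # report PID 7724: dxwsetup.exe, "unusual location", temp files; image path ASSUMED
    ProcEvent(7724, 8036, r"C:\Users\admin\AppData\Local\Temp\dxwsetup.exe",
              r'"C:\Users\admin\AppData\Local\Temp\dxwsetup.exe"'),
    # report PIDs 320 and 1212: infinst.exe from %TEMP%\DX209F.tmp, parent dxwsetup.exe
    ProcEvent(320, 7724, INFINST, f"{INFINST} XACT3_1_x64.inf"),
    ProcEvent(1212, 7724, INFINST, f"{INFINST} X3DAudio1_6_x64.inf"),
    # report PID 620: silent regsvr32 registration, parent dxwsetup.exe
    ProcEvent(620, 7724, r"C:\Windows\System32\regsvr32.exe",
              r"C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\xactengine3_4.dll"),
    # report PID 2080: manual Edge start (command line CONSTRUCTED); PID 952: its renderer (abbreviated)
    ProcEvent(2080, EXPLORER_PID, EDGE, f'"{EDGE}"'),
    ProcEvent(952, 2080, EDGE, f'"{EDGE}" --type=renderer --lang=en-US /prefetch:1'),
]

USER_WRITABLE = re.compile(r"\\(?:AppData\\Local\\Temp|Desktop|Downloads|Users\\Public)\\", re.I)
INVITE_URL = re.compile(r"https?://(?:discord\.gg|discord(?:app)?\.com/invite)/[\w-]+", re.I)
SILENT_FLAG = re.compile(r"(?:^|\s)/s(?:\s|$)", re.I)
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def ancestors(pid: int, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """[parent, grandparent, ...] for pid; stops at unknown PIDs and guards against cycles."""
    chain, seen, ev = [], {pid}, by_pid.get(pid)
    while ev is not None and ev.ppid in by_pid and ev.ppid not in seen:
        ev = by_pid[ev.ppid]
        seen.add(ev.pid)
        chain.append(ev)
    return chain


def detect(events: List[ProcEvent]) -> List[Tuple[str, int, str]]:
    """Return (rule, pid, detail) findings. Keyed on PID here for brevity; real logs
    must key on a process GUID, since PIDs are reused (this report shows PID 952 twice)."""
    by_pid = {e.pid: e for e in events}
    findings, user_dir_pids = [], set()
    for e in events:                                   # rule 1: image in a user-writable folder
        if USER_WRITABLE.search(e.image):
            user_dir_pids.add(e.pid)
            findings.append(("exec_from_user_writable_dir", e.pid, e.image))
    for e in events:
        name, chain = basename(e.image), ancestors(e.pid, by_pid)
        chain_names = [basename(a.image) for a in chain]
        # rule 2: browser opened on an invite link with a scripting shell anywhere up the chain
        if name in BROWSERS and INVITE_URL.search(e.cmdline) and any(n in SHELLS for n in chain_names):
            findings.append(("shell_opens_invite_link", e.pid, " <- ".join([name] + chain_names)))
        # rule 3: silent regsvr32 whose ancestry includes a process from a user-writable folder
        if name == "regsvr32.exe" and SILENT_FLAG.search(e.cmdline) and any(a.pid in user_dir_pids for a in chain):
            findings.append(("silent_regsvr32_from_user_writable_chain", e.pid, e.cmdline))
    return findings


def summarize(findings: List[Tuple[str, int, str]]) -> Dict[str, List[int]]:
    """Rule name -> sorted list of flagged PIDs."""
    out: Dict[str, List[int]] = {}
    for rule, pid, _ in findings:
        out.setdefault(rule, []).append(pid)
    return {rule: sorted(pids) for rule, pids in out.items()}


if __name__ == "__main__":
    for rule, pid, detail in detect(EVENTS):
        print(f"{rule:45} pid={pid:<5} {detail}")
```

Rule 2 walks the full ancestor chain rather than checking only the direct parent, which is why the Edge relaunch (PID 856, parent msedge.exe) is still attributed to cmd.exe; rule 3 deliberately does not flag regsvr32.exe on its own, since silent registration of DLLs under System32 is also what ordinary installers do, and only the user-writable ancestry makes it worth a look.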
Total events
32 904
Read events
32 488
Write events
380
Delete events
36

Modification events

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\Release.zip

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: name
Value: 256

(PID) Process: (1356) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: size
Value: 80
Executable files
663
Suspicious files
1 727
Text files
266
Unknown types
227

Dropped files

PID
Process
Filename
Type
PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF17826e.TMP
Type:
MD5:
SHA256:

PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
Type:
MD5:
SHA256:

PID: 1356
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Release\libpng16.dll
Type: executable
MD5: E62C4A13DCF4587A2BB49FA329E0A443
SHA256: DCB9AF7F9E231D860A6DB4AB3046399A3ADCEE6CABE13456D7AC455CBC3C1DF5

PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF17827e.TMP
Type:
MD5:
SHA256:

PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
Type:
MD5:
SHA256:

PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF17828e.TMP
Type:
MD5:
SHA256:

PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID: 1356
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Release\bz2.dll
Type: executable
MD5: C73F3E3B08C1AB3A6037A865B4B29870
SHA256: 7284E939FF2EFAA589241AD6B064A134CCC1332C5E2B7998D065752D57D9385A

PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF17829d.TMP
Type:
MD5:
SHA256:

PID: 2080
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
Type:
MD5:
SHA256:
HTTP(S) requests: 184
TCP/UDP connections: 190
DNS requests: 213
Threats: 10

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | - | unknown | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | - | unknown | - | whitelisted
5896 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | - | unknown | - | whitelisted
2732 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:ubYEEJrBNoGNo0WZitFR2XpRTHjY94ZR6JfP_avdZ34&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | - | unknown | - | whitelisted
7724 | dxwsetup.exe | GET | 302 | 23.212.89.111:80 | http://download.microsoft.com/download/1/7/1/1718CCC4-6315-4D8E-9543-8E28A4E18C4C/dxupdate.cab | - | unknown | - | whitelisted
7784 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | - | unknown | - | whitelisted
7784 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | - | unknown | - | whitelisted
7724 | dxwsetup.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | - | unknown | - | whitelisted
7724 | dxwsetup.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | - | unknown | - | whitelisted
7724 | dxwsetup.exe | GET | 302 | 23.212.89.111:80 | http://download.microsoft.com/download/1/7/1/1718CCC4-6315-4D8E-9543-8E28A4E18C4C/Apr2006_xinput_x86.cab | - | unknown | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4084 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5896 | svchost.exe | 20.190.160.5:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5896 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2732 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 4.231.128.59 | whitelisted
google.com | 172.217.18.14 | whitelisted
crl.microsoft.com | 23.48.23.143, 23.48.23.156, 2.16.241.12, 2.16.241.14 | whitelisted
www.microsoft.com | 23.35.229.160, 95.101.149.131, 2.23.246.101 | whitelisted
login.live.com | 20.190.160.5, 20.190.160.20, 20.190.160.14, 20.190.160.128, 40.126.32.72, 20.190.160.64, 20.190.160.131, 20.190.160.130, 40.126.31.69, 40.126.31.128, 40.126.31.130, 40.126.31.67, 20.190.159.129, 20.190.159.75, 20.190.159.23, 20.190.159.128 | whitelisted
ocsp.digicert.com | 2.17.190.73, 2.23.77.188 | whitelisted
edge.microsoft.com | 150.171.28.11, 150.171.27.11 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
ntp.msn.com | 204.79.197.203 | whitelisted
copilot.microsoft.com | 92.123.104.45, 92.123.104.53 | whitelisted

Threats

PID | Process | Class | Message
- | - | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
- | - | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install
- | - | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
- | - | Misc activity | ET INFO EXE - Served Attached HTTP
8152 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
8152 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
8152 | msedge.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
8152 | msedge.exe | Misc activity | ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
8152 | msedge.exe | Misc activity | ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
8152 | msedge.exe | Misc activity | ET INFO Observed Discord Service Domain (discord .com) in TLS SNI
Process | Message
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | Invalid parameter passed to C runtime function.
dxwsetup.exe | Invalid parameter passed to C runtime function.
dxwsetup.exe | DLL_PROCESS_DETACH
dxwsetup.exe | DLL_PROCESS_DETACH
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | DLL_PROCESS_ATTACH
dxwsetup.exe | DLL_PROCESS_DETACH
dxwsetup.exe | DLL_PROCESS_DETACH