File name: AndrowsInstaller.exe

Full analysis: https://app.any.run/tasks/001900fc-94b0-4692-88af-d946a4f336db
Verdict: Malicious activity
Analysis date: February 03, 2026, 02:01:42
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
anti-evasion
teamviewer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5: 0238214FF5F8A40A66D535E1795FED50
SHA1: 4BAE3CC8981968D9EF13232AD731407DE7AF5F0A
SHA256: 8E91EBE57AD70A58866ABDBAA5A406A3B036E519E9C4463E5ABEBE3986001792
SSDEEP: 98304:Va1V2lNxZSx8Qv/cgutMq0N0upwBtNYyVfnP4+Bi2YgUIDpkrqocQy/YfxsCA7qk:ZN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Uses WMIC.EXE to obtain computer system information

      • AndrowsInstaller.exe (PID: 7604)
    • Uses WMIC.EXE to obtain data on the base board management (motherboard or system board)

      • AndrowsInstaller.exe (PID: 7604)
    • Executable content was dropped or overwritten

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Drops 7-zip archiver for unpacking

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • The process drops C-runtime libraries

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Drops a system driver (possible attempt to evade defenses)

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Process drops legitimate windows executable

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Reads the date of Windows installation

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
      • AndrowsAssistant.exe (PID: 8252)
    • The process verifies whether the antivirus software is installed

      • Setup.exe (PID: 468)
      • AndrowsAssistant.exe (PID: 8252)
    • Named pipe usage

      • crashpad_handler.exe (PID: 6400)
      • crashpad_handler.exe (PID: 6496)
    • Reads the BIOS version

      • Setup.exe (PID: 468)
    • Creates file in the systems drive root

      • Setup.exe (PID: 468)
    • The process checks if it is being run in the virtual environment

      • Setup.exe (PID: 468)
  • INFO

    • Creates files or folders in the user directory

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Checks supported languages

      • AndrowsInstaller.exe (PID: 7604)
      • identity_helper.exe (PID: 2352)
      • Setup.exe (PID: 468)
      • crashpad_handler.exe (PID: 6400)
      • AndrowsAssistant.exe (PID: 8252)
      • crashpad_handler.exe (PID: 6496)
      • opengl_checker.exe (PID: 6316)
      • AndrowsAssistant.exe (PID: 1856)
      • AndrowsAssistant.exe (PID: 7560)
    • Reads the computer name

      • AndrowsInstaller.exe (PID: 7604)
      • identity_helper.exe (PID: 2352)
      • Setup.exe (PID: 468)
      • AndrowsAssistant.exe (PID: 8252)
      • crashpad_handler.exe (PID: 6400)
      • crashpad_handler.exe (PID: 6496)
      • opengl_checker.exe (PID: 6316)
      • AndrowsAssistant.exe (PID: 1856)
      • AndrowsAssistant.exe (PID: 7560)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 1840)
      • WMIC.exe (PID: 5872)
      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
      • AndrowsAssistant.exe (PID: 8252)
    • The sample compiled with english language support

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Create files in a temporary directory

      • AndrowsInstaller.exe (PID: 7604)
      • crashpad_handler.exe (PID: 6400)
    • Reads the machine GUID from the registry

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
      • crashpad_handler.exe (PID: 6400)
      • AndrowsAssistant.exe (PID: 8252)
      • crashpad_handler.exe (PID: 6496)
    • Application launched itself

      • msedge.exe (PID: 4368)
      • msedge.exe (PID: 5440)
      • msedge.exe (PID: 8100)
    • Manual execution by a user

      • msedge.exe (PID: 8100)
    • Drops script file

      • msedge.exe (PID: 8100)
      • msedge.exe (PID: 7636)
      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Reads Windows Product ID

      • Setup.exe (PID: 468)
    • The sample compiled with chinese language support

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
    • Process checks computer location settings

      • AndrowsInstaller.exe (PID: 7604)
      • Setup.exe (PID: 468)
      • AndrowsAssistant.exe (PID: 8252)
    • Reads Environment values

      • Setup.exe (PID: 468)
      • identity_helper.exe (PID: 2352)
    • Reads product name

      • Setup.exe (PID: 468)
    • Creates files in the program directory

      • Setup.exe (PID: 468)
    • Checks proxy server information

      • Setup.exe (PID: 468)
    • TeamViewer related mutex has been found

      • Setup.exe (PID: 468)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:09:09 07:24:03+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 3360256
InitializedDataSize: 3379712
UninitializedDataSize: -
EntryPoint: 0x2e819c
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.1489.0
ProductVersionNumber: 1.0.1489.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Tencent
FileDescription: 腾讯应用宝
FileVersion: 1.0.1489.0
LegalCopyright: Copyright (C) 2022 Tencent. All Rights Reserved.
InternalName: Androws
ProductName: Androws
ProductVersion: 1.0.1489.0
No data.
All screenshots are available in the full report
Total processes
188
Monitored processes
39
Malicious processes
2
Suspicious processes
0

Behavior graph

Processes in launch order:
  • androwsinstaller.exe (start)
  • wmic.exe (no specs)
  • conhost.exe (no specs)
  • wmic.exe (no specs)
  • conhost.exe (no specs)
  • msedge.exe (no specs) ×5
  • msedge.exe
  • msedge.exe (no specs) ×2
  • msedge.exe
  • msedge.exe (no specs) ×7
  • identity_helper.exe (no specs) ×2
  • msedge.exe (no specs) ×6
  • setup.exe
  • crashpad_handler.exe
  • androwsassistant.exe
  • crashpad_handler.exe
  • opengl_checker.exe (no specs)
  • conhost.exe (no specs)
  • androwsassistant.exe (no specs) ×2
  • slui.exe (no specs)
  • androwsinstaller.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
468
CMD:
"C:\AndrowsData\Component\Androws\Setup.exe"
Path:
C:\AndrowsData\Component\Androws\Setup.exe
Parent process:
AndrowsInstaller.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝移动应用引擎
Version:
5.10.5000.4839
Modules
Images
c:\androwsdata\component\androws\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
676
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1128
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3680,i,6726632640889325833,10281811823586935871,262144 --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1840
CMD:
wmic path Win32_ComputerSystem get HypervisorPresent
Path:
C:\Windows\System32\wbem\WMIC.exe
Parent process:
AndrowsInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID:
1856
CMD:
"C:\AndrowsData\Component\Androws\AndrowsAssistant.exe" --check-opengl-process "Setup.exe"
Path:
C:\AndrowsData\Component\Androws\AndrowsAssistant.exe
Parent process:
Setup.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝移动应用引擎
Exit code:
1000
Version:
5.10.5000.4839
Modules
Images
c:\androwsdata\component\androws\androwsassistant.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID:
2052
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5696,i,6726632640889325833,10281811823586935871,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2352
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6272,i,6726632640889325833,10281811823586935871,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
PID:
2608
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2756,i,6726632640889325833,10281811823586935871,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2760
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6404,i,6726632640889325833,10281811823586935871,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2896
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5692,i,6726632640889325833,10281811823586935871,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
5 377
Read events
5 322
Write events
53
Delete events
2

Modification events

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env
Operation: write
Name: OpenglVendor
Value: Microsoft Corporation

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env
Operation: write
Name: OpenglRenderer
Value: GDI Generic

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env
Operation: write
Name: OpenglVersion
Value: 1.1.0

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation: write
Name: ChannelId
Value: B80B000000000000

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation: write
Name: InstallSource
Value:

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation: write
Name: HyperVState
Value: 0000000000000000

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation: write
Name: VtState
Value: 0100000000000000

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7604) AndrowsInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files
421
Suspicious files
192
Text files
418
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e8412.TMP
MD5:
SHA256:
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e8422.TMP
MD5:
SHA256:
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e8422.TMP
MD5:
SHA256:
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e8422.TMP
MD5:
SHA256:
PID: 8100 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
PID: 7604 | Process: AndrowsInstaller.exe | Filename: C:\androws_temp.txt | Type: binary
MD5: 0D5A9115CA3E62AAC00A5D6B68392C56
SHA256: 6F24BAE6C7B73ED650F4E9777D5420898356B3CB2E08DABB3EDB2253A655F9E6
PID: 7604 | Process: AndrowsInstaller.exe | Filename: C:\Users\admin\AppData\Local\Temp\Tencent\Androws\install-resources\7za.dll | Type: executable
MD5: 72491C7B87A7C2DD350B727444F13BB4
SHA256: 34AD9BB80FE8BF28171E671228EB5B64A55CAA388C31CB8C0DF77C0136735891
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
63
TCP/UDP connections
125
DNS requests
58
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7004
svchost.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
3440
msedge.exe
GET
204
183.47.111.115:443
https://rumt-zh.com/collect/pv?originFrom=https%3A%2F%2Fprivacy.qq.com%2Fdocument%2Fpreview%2F5a9d7d83b67d4e8eaced5eb5f7f05f6c&id=aTSihIrSbVFyNktJdS&uin=&version=1.43.47&aid=35a0f744-5804-4505-bf01-29c246b3c3ff&env=production&ext1=1&platform=3&netType=4&vp=1352%20*%20648&sr=1360%20*%20768&sessionId=session-33be08156a6543c1af4525090261507c&from=https%3A%2F%2Fprivacy.qq.com%2Fdocument%2Fpreview%2F5a9d7d83b67d4e8eaced5eb5f7f05f6c&referer=
CN
unknown
3440
msedge.exe
GET
200
183.47.111.115:443
https://rumt-zh.com/collect/whitelist?id=aTSihIrSbVFyNktJdS&uin=&version=1.43.47&aid=35a0f744-5804-4505-bf01-29c246b3c3ff&env=production&ext1=1&platform=3&netType=4&vp=1352%20*%20648&sr=1360%20*%20768&sessionId=session-33be08156a6543c1af4525090261507c&from=https%3A%2F%2Fprivacy.qq.com%2Fdocument%2Fpreview%2F5a9d7d83b67d4e8eaced5eb5f7f05f6c&referer=
CN
text
60 b
unknown
3440
msedge.exe
GET
200
221.204.15.60:443
https://privacy.qq.com/document/static/js/chunk-jspdf.53ce4900.js
CN
binary
128 Kb
unknown
7604
AndrowsInstaller.exe
POST
200
129.226.102.75:443
https://yybadaccess.3g.qq.com/pc_yyb/pcyyb_get_downloader_policy
CN
text
47 b
unknown
3440
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
446 b
whitelisted
7004
svchost.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
3440
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
4.87 Kb
whitelisted
7604
AndrowsInstaller.exe
HEAD
200
43.152.28.34:443
https://conf.syzs.qq.com/xy/yyb_management_system/8b7fdfd18c05bcc56701b7df6797cc34.7z
SG
unknown
3440
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
7004
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6332
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7604
AndrowsInstaller.exe
129.226.102.75:443
yybadaccess.3g.qq.com
TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue
CN
unknown
7604
AndrowsInstaller.exe
43.173.131.185:8081
oth.eve.mdt.qq.com
TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue
CN
whitelisted
7004
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7004
svchost.exe
23.216.77.28:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
3440
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
self.events.data.microsoft.com
  • 20.189.173.11
whitelisted
google.com
  • 142.251.127.100
  • 142.251.127.138
  • 142.251.127.102
  • 142.251.127.101
  • 142.251.127.113
  • 142.251.127.139
whitelisted
yybadaccess.3g.qq.com
  • 129.226.102.75
unknown
oth.eve.mdt.qq.com
  • 43.173.131.185
  • 101.33.47.68
  • 101.33.47.206
unknown
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.42
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
privacy.qq.com
  • 221.204.15.60
  • 122.188.44.139
  • 122.188.45.182
  • 14.204.50.238
  • 119.167.249.58
  • 1.56.98.140
  • 122.193.250.66
  • 122.188.44.51
  • 122.188.45.51
  • 119.167.249.90
  • 59.83.212.226
  • 42.56.88.117
unknown
api.edgeoffer.microsoft.com
  • 13.107.213.45
  • 13.107.246.45
whitelisted

Threats

PID
Process
Class
Message
7004
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
crashpad_handler.exe
Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[Trace] checkReportCacheFile num:0
crashpad_handler.exe
[6400:7460:20260202,210236.152:INFO bugly_trace_report.cc:322] [Trace] checkReportCacheFile num:0
crashpad_handler.exe
[6400:6296:20260202,210236.152:ERROR filesystem_win.cc:130] GetFileAttributes C:\Users\admin\AppData\Local\Temp\Tencent\Androws\BTrace\7ebaf51295\Trace: The system cannot find the file specified. (2)
crashpad_handler.exe
[6400:6296:20260202,210236.152:INFO bugly_crash_monitor_statistics.cc:282] Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[6496:6468:20260202,210236.464:INFO bugly_crash_monitor_statistics.cc:282] Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[6496:2860:20260202,210236.464:INFO bugly_trace_report.cc:322] [Trace] checkReportCacheFile num:0
crashpad_handler.exe
[Trace] checkReportCacheFile num:0
crashpad_handler.exe
Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[6400:7548:20260202,210237.620:INFO crash_report_upload_thread.cc:257] On CheckAndReportResiduesCrashReports, status:000007FF6DF019BC80