URL:

https://www.google.com

Full analysis: https://app.any.run/tasks/e5408918-0b98-492a-ae12-71fdfc3fb095
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: October 05, 2022, 03:24:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

8FFDEFBDEC956B595D257F0AAEEFD623

SHA1:

EF7EFC9839C3EE036F023E9635BC3B056D6EE2DB

SHA256:

AC6BB669E40E44A8D9F8F0C94DFC63734049DCF6219AAC77F02EDF94B9162C09

SSDEEP:

3:N8DSLIK:2OLIK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • MicrosoftEdgeSetup.exe (PID: 2488)
      • MicrosoftEdgeUpdate.exe (PID: 2584)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1788)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 3228)
      • MicrosoftEdgeUpdate.exe (PID: 3084)
      • MicrosoftEdgeUpdate.exe (PID: 824)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdgeUpdate.exe (PID: 460)
      • MicrosoftEdge_X86_106.0.1370.34.exe (PID: 2364)
      • setup.exe (PID: 1448)
      • setup.exe (PID: 1000)
      • MicrosoftEdgeUpdate.exe (PID: 2628)
      • setup.exe (PID: 4080)
      • setup.exe (PID: 2504)

    • Loads dropped or rewritten executable

      • MicrosoftEdgeUpdate.exe (PID: 2584)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 3084)
      • MicrosoftEdgeUpdate.exe (PID: 824)
      • MicrosoftEdgeUpdate.exe (PID: 3228)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdgeUpdate.exe (PID: 460)
      • MicrosoftEdgeUpdate.exe (PID: 2628)

    • Loads the Task Scheduler COM API

      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 4008)

    • Changes settings of System certificates

      • MicrosoftEdgeUpdate.exe (PID: 3084)

    • Actions looks like stealing of personal data

      • MicrosoftEdge_X86_106.0.1370.34.exe (PID: 2364)
      • setup.exe (PID: 1448)
      • setup.exe (PID: 4080)

    • Changes the autorun value in the registry

      • setup.exe (PID: 1448)

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3384)

    • Checks supported languages

      • MicrosoftEdgeSetup.exe (PID: 2488)
      • MicrosoftEdgeUpdate.exe (PID: 2584)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1788)
      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 3228)
      • MicrosoftEdgeUpdate.exe (PID: 3084)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdgeUpdate.exe (PID: 824)
      • MicrosoftEdgeUpdate.exe (PID: 460)
      • MicrosoftEdge_X86_106.0.1370.34.exe (PID: 2364)
      • setup.exe (PID: 1448)
      • setup.exe (PID: 1000)
      • MicrosoftEdgeUpdate.exe (PID: 2628)
      • setup.exe (PID: 4080)
      • setup.exe (PID: 2504)

    • Creates a directory in Program Files

      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1788)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdge_X86_106.0.1370.34.exe (PID: 2364)
      • setup.exe (PID: 1448)

    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 2584)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 3084)
      • MicrosoftEdgeUpdate.exe (PID: 824)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdgeUpdate.exe (PID: 460)
      • MicrosoftEdge_X86_106.0.1370.34.exe (PID: 2364)
      • setup.exe (PID: 1448)
      • setup.exe (PID: 1000)
      • MicrosoftEdgeUpdate.exe (PID: 2628)
      • setup.exe (PID: 2504)

    • Creates files in the program directory

      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1788)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdge_X86_106.0.1370.34.exe (PID: 2364)
      • setup.exe (PID: 1000)
      • setup.exe (PID: 1448)

    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2740)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 2740)

    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 3084)
      • MicrosoftEdgeUpdate.exe (PID: 460)
      • MicrosoftEdgeUpdate.exe (PID: 2628)
      • msedge.exe (PID: 3856)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 3228)
      • setup.exe (PID: 1448)

    • Creates a software uninstall entry

      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • setup.exe (PID: 1448)
      • msedge.exe (PID: 3856)

    • Executed as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 4008)

    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • setup.exe (PID: 1448)
      • setup.exe (PID: 4080)

    • Creates files in the Windows directory

      • MicrosoftEdgeUpdate.exe (PID: 460)

    • Adds / modifies Windows certificates

      • MicrosoftEdgeUpdate.exe (PID: 3084)

    • Changes default file association

      • setup.exe (PID: 1448)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3384)
      • iexplore.exe (PID: 3888)
      • msedge.exe (PID: 3856)
      • msedge.exe (PID: 3196)
      • msedge.exe (PID: 596)
      • msedge.exe (PID: 288)
      • msedge.exe (PID: 1100)
      • msedge.exe (PID: 1136)

    • Checks supported languages

      • iexplore.exe (PID: 3384)
      • iexplore.exe (PID: 3888)
      • msedge.exe (PID: 3196)
      • msedge.exe (PID: 3856)
      • msedge.exe (PID: 3712)
      • msedge.exe (PID: 3500)
      • msedge.exe (PID: 596)
      • msedge.exe (PID: 2324)
      • msedge.exe (PID: 3960)
      • msedge.exe (PID: 3684)
      • msedge.exe (PID: 3028)
      • msedge.exe (PID: 3860)
      • msedge.exe (PID: 1828)
      • msedge.exe (PID: 3812)
      • msedge.exe (PID: 2732)
      • msedge.exe (PID: 2720)
      • msedge.exe (PID: 288)
      • msedge.exe (PID: 2180)
      • msedge.exe (PID: 1100)
      • msedge.exe (PID: 688)
      • msedge.exe (PID: 2096)
      • msedge.exe (PID: 3192)
      • msedge.exe (PID: 3792)
      • msedge.exe (PID: 2496)
      • msedge.exe (PID: 1824)
      • msedge.exe (PID: 2652)
      • msedge.exe (PID: 1280)
      • msedge.exe (PID: 1136)
      • msedge.exe (PID: 3776)
      • msedge.exe (PID: 1096)
      • msedge.exe (PID: 3732)
      • msedge.exe (PID: 2112)
      • msedge.exe (PID: 1308)
      • msedge.exe (PID: 3396)
      • msedge.exe (PID: 3304)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3384)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdgeUpdate.exe (PID: 460)
      • MicrosoftEdgeUpdate.exe (PID: 3084)
      • MicrosoftEdgeUpdate.exe (PID: 2628)
      • msedge.exe (PID: 3856)

    • Creates files in the user directory

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3384)
      • msedge.exe (PID: 3856)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3384)
      • iexplore.exe (PID: 3888)
      • MicrosoftEdgeUpdate.exe (PID: 3084)
      • MicrosoftEdgeUpdate.exe (PID: 460)
      • MicrosoftEdgeUpdate.exe (PID: 4008)
      • MicrosoftEdgeUpdate.exe (PID: 2628)

    • Application launched itself

      • iexplore.exe (PID: 3384)
      • msedge.exe (PID: 1100)
      • msedge.exe (PID: 3856)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3888)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3384)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3384)

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3384)

    • Changes internet zones settings

      • iexplore.exe (PID: 3384)

    • Reads the hosts file

      • msedge.exe (PID: 3856)
      • msedge.exe (PID: 3196)

    • Manual execution by user

      • msedge.exe (PID: 3856)
      • msedge.exe (PID: 1100)

    • Reads the date of Windows installation

      • msedge.exe (PID: 3856)

    • Searches for installed software

      • msedge.exe (PID: 3856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
93
Monitored processes
51
Malicious processes
16
Suspicious processes
2

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start iexplore.exe iexplore.exe microsoftedgesetup.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdatesetup.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe microsoftedge_x86_106.0.1370.34.exe setup.exe setup.exe no specs microsoftedgeupdate.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs setup.exe setup.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
288"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1320,i,17417084661286590126,7725687607592309648,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
106.0.1370.34
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\106.0.1370.34\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
460"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjcuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjcuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTVDNEUwQUItRDg0NC00RTZGLUFCQkQtMzlDRkUyMjg0MzRFfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezkyMTcwRjQ0LTA3NkYtNENFNy1BNTIwLUMxRkQ3RDVGNjlFMn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI0IiBwaHlzbWVtb3J5PSIzIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjI0NTQ2IiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing4NiIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iODYuMC40MjQwLjE5OCIgbmV4dHZlcnNpb249Ijg2LjAuNDI0MC4xOTgiIGxhbmc9ImVuIiBicmFuZD0iR0NFQSIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjE0OTgiIGluc3RhbGxkYXRlPSI0MjU2IiBpbnN0YWxsZGF0ZXRpbWU9IjE1MzU0NTQ2MzgiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTQ2OTIzODI4Ii8-PC9hcHA-PC9yZXF1ZXN0PgC:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.167.21
Modules
Images
c:\program files\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
596"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1248 --field-trial-handle=1320,i,17417084661286590126,7725687607592309648,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
106.0.1370.34
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\program files\microsoft\edge\application\106.0.1370.34\msedge_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
688"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=106.0.5249.91 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=106.0.1370.34 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6a4414c0,0x6a4414d0,0x6a4414dcC:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
106.0.1370.34
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\106.0.1370.34\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
824"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0&lang=en" /installsource taggedmi /sessionid "{95C4E0AB-D844-4E6F-ABBD-39CFE228434E}"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.167.21
Modules
Images
c:\program files\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
1000"C:\Program Files\Microsoft\EdgeUpdate\Install\{AC9DDEDD-39B7-4E84-A9B8-8E28B17103FD}\EDGEMITMP_30985.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=0 --install-level=1C:\Program Files\Microsoft\EdgeUpdate\Install\{AC9DDEDD-39B7-4E84-A9B8-8E28B17103FD}\EDGEMITMP_30985.tmp\setup.exesetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
99
Version:
106.0.1370.34
Modules
Images
c:\program files\microsoft\edgeupdate\install\{ac9ddedd-39b7-4e84-a9b8-8e28b17103fd}\edgemitmp_30985.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
1096"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3580 --field-trial-handle=1320,i,17417084661286590126,7725687607592309648,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
106.0.1370.34
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\106.0.1370.34\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1100"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --profile-directory=DefaultC:\Program Files\Microsoft\Edge\Application\msedge.exeExplorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
106.0.1370.34
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\106.0.1370.34\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
1136"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2060 --field-trial-handle=1320,i,17417084661286590126,7725687607592309648,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
106.0.1370.34
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
1280"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4944 --field-trial-handle=1320,i,17417084661286590126,7725687607592309648,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
106.0.1370.34
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\program files\microsoft\edge\application\106.0.1370.34\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
Total events
57 879
Read events
53 851
Write events
3 996
Delete events
32

Modification events

(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30988393
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
20771126
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30988394
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3384) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
306
Suspicious files
746
Text files
494
Unknown types
77

Dropped files

PID
Process
Filename
Type
3888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAder
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAder
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8binary
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SVY2DFP4.txttext
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6T384ZKC.txttext
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUH4KGOG.txttext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
25
TCP/UDP connections
207
DNS requests
107
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
928
svchost.exe
HEAD
200
209.197.3.8:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/397048b9-2026-45cd-a345-e41f68fbde41?P1=1665545175&P2=404&P3=2&P4=VNlNEvKHW6LUaeB3ZJdya7xzGANhCCuqINCecCVXyxHOuxHpkgdhEz%2fj0GbP%2bM0Hu7YsulJsyIEZfUNJnU3DKg%3d%3d
US
whitelisted
3888
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
3888
iexplore.exe
GET
200
172.217.169.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD6a7qQTCYd8hJU9n3M3mXb
US
der
472 b
whitelisted
3384
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
US
der
471 b
whitelisted
3888
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
3888
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3888
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHr7M35ZTSPHb9t8TGKb2tY%3D
US
der
1.40 Kb
whitelisted
3888
iexplore.exe
GET
200
172.217.169.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
384
svchost.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?85e898734d20311a
US
compressed
60.9 Kb
whitelisted
3888
iexplore.exe
GET
200
172.217.169.131:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECY%2B0YL3%2ByMOCtPdrqPffYg%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
iexplore.exe
13.107.5.80:443
api.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3888
iexplore.exe
40.126.32.138:443
login.microsoftonline.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3888
iexplore.exe
172.217.169.131:80
ocsp.pki.goog
GOOGLE
US
whitelisted
3888
iexplore.exe
142.250.187.100:443
www.google.com
GOOGLE
US
whitelisted
3888
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3888
iexplore.exe
2.18.233.62:443
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3888
iexplore.exe
23.35.236.237:443
assets.adobedtm.com
AKAMAI-AS
DE
unknown
3888
iexplore.exe
13.107.21.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3888
iexplore.exe
2.21.20.137:443
mwf-service.akamaized.net
Akamai International B.V.
DE
suspicious
3888
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted

DNS requests

Domain
IP
Reputation
www.google.com
  • 142.250.187.100
  • 142.250.185.164
malicious
ctldl.windowsupdate.com
  • 93.184.221.240
  • 209.197.3.8
whitelisted
ocsp.pki.goog
  • 172.217.169.131
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ssl.gstatic.com
  • 172.217.17.99
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
clients1.google.com
  • 172.217.20.78
whitelisted
login.microsoftonline.com
  • 40.126.32.138
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.140
  • 20.190.160.17
  • 40.126.32.133
  • 40.126.32.134
  • 40.126.32.76
  • 20.190.159.0
  • 20.190.159.75
  • 20.190.159.68
  • 20.190.159.4
  • 40.126.31.71
  • 20.190.159.64
  • 20.190.159.2
  • 40.126.31.73
whitelisted
login.live.com
  • 20.190.159.2
  • 20.190.159.4
  • 20.190.159.23
  • 20.190.159.75
  • 20.190.159.64
  • 40.126.31.73
  • 20.190.159.73
  • 40.126.31.69
  • 40.126.32.138
  • 20.190.160.14
  • 20.190.160.22
  • 40.126.32.68
  • 40.126.32.72
  • 40.126.32.133
  • 20.190.160.17
  • 40.126.32.134
whitelisted

Threats

PID
Process
Class
Message
928
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
msedge.exe
[1005/042821.526:ERROR:exception_handler_server.cc(525)] ConnectNamedPipe: The pipe is being closed. (0xE8)
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.google.com