URL:

https://www.bing.com/ck/a?!&&p=f6844d6dea796253JmltdHM9MTcwNTEwNDAwMCZpZ3VpZD0zMzAyYWMyNC0xMTFiLTZlNWYtMDVkMy1iZmMwMTAzMjZmNzgmaW5zaWQ9NTMzOA&ptn=3&ver=2&hsh=3&fclid=3302ac24-111b-6e5f-05d3-bfc010326f78&psq=garrys+mod+crack&u=a1aHR0cHM6Ly9zdGVhbXVubG9ja2VkLnByby9nYXJyeXMtbW9kLWZyZWUtZG93bmxvYWQv&ntb=1

Full analysis: https://app.any.run/tasks/943fcdb2-0e1a-4a3c-b25e-ff64b62f7a5a
Verdict: Malicious activity
Analysis date: January 13, 2024, 22:26:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: BF428EFB40AF32840BF809D807EED768
SHA1: 2A028E49E7DCD741C0CCCCD92A08732ABBD2E024
SHA256: B19C1D97A29A1835134B143B67DADE63CA0F2CF8A03E7EC713F8CBCD6222EAC9
SSDEEP: 6:2OLsRtkUQQUOfOiM/DAroDfEDD7LHtWDU6isykvgKBaGLZMcnAy9vUX:2ii0AroDGrtWI5TGXAy9vm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • utweb_installer.exe (PID: 3848)
      • utweb_installer.exe (PID: 2164)
      • utweb_installer.tmp (PID: 3188)
      • utweb_installer.exe (PID: 3232)
  • SUSPICIOUS

    • Uses RUNDLL32.EXE to load library

      • msedge.exe (PID: 128)
    • Reads the Internet Settings

      • rundll32.exe (PID: 840)
      • utweb_installer.tmp (PID: 3188)
      • utweb_installer.exe (PID: 3232)
      • saBSI.exe (PID: 2156)
    • Executable content was dropped or overwritten

      • utweb_installer.exe (PID: 2164)
      • utweb_installer.tmp (PID: 3188)
      • utweb_installer.exe (PID: 3232)
      • utweb_installer.exe (PID: 3848)
    • Reads the Windows owner or organization settings

      • utweb_installer.tmp (PID: 3188)
    • Reads settings of System Certificates

      • utweb_installer.tmp (PID: 3188)
    • The process creates files with name similar to system file names

      • utweb_installer.exe (PID: 3232)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • utweb_installer.exe (PID: 3232)
    • Process drops legitimate windows executable

      • utweb_installer.exe (PID: 3232)
    • Checks Windows Trust Settings

      • saBSI.exe (PID: 2156)
    • Reads security settings of Internet Explorer

      • saBSI.exe (PID: 2156)
  • INFO

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 128)
      • msedge.exe (PID: 1652)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 1652)
      • msedge.exe (PID: 128)
    • Application launched itself

      • msedge.exe (PID: 128)
      • msedge.exe (PID: 1492)
    • The process uses the downloaded file

      • msedge.exe (PID: 3568)
      • msedge.exe (PID: 3656)
      • msedge.exe (PID: 128)
    • Create files in a temporary directory

      • utweb_installer.exe (PID: 3848)
      • utweb_installer.exe (PID: 2164)
      • utweb_installer.exe (PID: 3232)
      • utweb_installer.tmp (PID: 3188)
    • Checks supported languages

      • utweb_installer.exe (PID: 3848)
      • utweb_installer.exe (PID: 2164)
      • utweb_installer.tmp (PID: 3368)
      • utweb_installer.tmp (PID: 3188)
      • utweb_installer.exe (PID: 3232)
      • saBSI.exe (PID: 2156)
    • Reads the computer name

      • utweb_installer.tmp (PID: 3368)
      • utweb_installer.tmp (PID: 3188)
      • utweb_installer.exe (PID: 3232)
      • saBSI.exe (PID: 2156)
    • Reads the machine GUID from the registry

      • utweb_installer.tmp (PID: 3188)
      • utweb_installer.exe (PID: 3232)
      • saBSI.exe (PID: 2156)
    • Creates files or folders in the user directory

      • utweb_installer.exe (PID: 3232)
    • Checks proxy server information

      • utweb_installer.exe (PID: 3232)
    • Creates files in the program directory

      • saBSI.exe (PID: 2156)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 135
Monitored processes: 95
Malicious processes: 5
Suspicious processes: 3

Behavior graph

(Interactive process graph in the original report; the nodes it shows are msedge.exe, rundll32.exe, utweb_installer.exe, utweb_installer.tmp and sabsi.exe.)

Process information

PID: 128
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/ck/a?!&&p=f6844d6dea796253JmltdHM9MTcwNTEwNDAwMCZpZ3VpZD0zMzAyYWMyNC0xMTFiLTZlNWYtMDVkMy1iZmMwMTAzMjZmNzgmaW5zaWQ9NTMzOA&ptn=3&ver=2&hsh=3&fclid=3302ac24-111b-6e5f-05d3-bfc010326f78&psq=garrys+mod+crack&u=a1aHR0cHM6Ly9zdGVhbXVubG9ja2VkLnByby9nYXJyeXMtbW9kLWZyZWUtZG93bmxvYWQv&ntb=1"
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5280 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 632
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4960 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 668
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4488 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 840
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Downloads\GTA IV - Complete Edition.torrent
Path: C:\Windows\System32\rundll32.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Loaded images:
  • c:\windows\system32\rundll32.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\imagehlp.dll

PID: 968
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4100 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1040
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1104
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5420 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 1172
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4468 --field-trial-handle=1292,i,60888117607565323,15403154844997701070,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
Total events: 18 504
Read events: 18 325
Write events: 176
Delete events: 3

Modification events

Process: (128) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

Process: (128) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

Process: (128) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

Process: (128) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

Process: (128) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: dr
Value: 1

Process: (128) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 1

Process: (128) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1302019708-1500728564-335382590-1000
Value: 8A1A1F2B695E2F00

Process: (128) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation: write
Name: UsageStatsInSample
Value: 1

Process: (128) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: usagestats
Value: 1

Process: (128) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: urlstats
Value: 1
Executable files: 42
Suspicious files: 600
Text files: 97
Unknown types: 0

Dropped files

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdfb1a.TMP

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFdfb48.TMP

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdfbf4.TMP

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old
  Type: text
  MD5: A9B940DA81B2E13D048EBB32E79FA414
  SHA256: 9061129705411EA6CFDD34177BF841CC85EB857BA909D3C4AA69BE8A5C59A8B0

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RFdfb1a.TMP
  Type: text
  MD5: DC3DFB5AC4FB94152BBCC0A1072D0D87
  SHA256: FDD5048837BDED85426AF270E6E08913657C1A12B1E40F6A67CF9487D7559FC9

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old~RFdfba6.TMP
  Type: text
  MD5: 08BB7AA32D5D133695D6AFF014B63310
  SHA256: 326727FC6EE38D4D0C7FB581214F75495FDCAAF81A9C47A58B39DD747F215FDC

PID 128, msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old
  Type: text
  MD5: BC5665331C6B5366D725CB1970BD7406
  SHA256: 5D33599D48DC5F3D65BA548DDBAE25868B979EABA17BC310F0D2C7543341F80D
HTTP(S) requests: 10
TCP/UDP connections: 466
DNS requests: 416
Threats: 8

HTTP requests

PID 1652, msedge.exe: GET, HTTP 302, 192.64.81.118:80
  URL: http://ifsnickshriek.click/c9b2l0k.php?key=eq83jffag2o1anxf8b64&SUB_ID_SHORT=329977bb490ebdec23e075c37f931659&COST_CPC=&PLACEMENT_ID=19332095&CAMPAIGN_ID=948786&DEVICE_BRAND=Unknown&BROWSER_NAME=Edge%20%28Chromium%29%20for%20Windows&USER_OS=Windows&USER_CARRIER=Cogent%20Communications&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%206.1%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F109.0.0.0%20Safari%2F537.36%20Edg%2F109.0.1518.115&REMOTE_LANGUAGE=11&BANNER_ID=2727008
  CN: unknown; Reputation: unknown

PID 1652, msedge.exe: GET, HTTP 302, 192.64.81.118:80
  URL: http://ifsnickshriek.click/c9b2l0k.php?key=eq83jffag2o1anxf8b64&SUB_ID_SHORT=32925ab3366d434806849c7ae141158b&COST_CPC=&PLACEMENT_ID=19332095&CAMPAIGN_ID=948786&DEVICE_BRAND=Unknown&BROWSER_NAME=Edge%20%28Chromium%29%20for%20Windows&USER_OS=Windows&USER_CARRIER=Cogent%20Communications&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%206.1%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F109.0.0.0%20Safari%2F537.36%20Edg%2F109.0.1518.115&REMOTE_LANGUAGE=11&BANNER_ID=2727008
  CN: unknown; Reputation: unknown

PID 1652, msedge.exe: GET, HTTP 200, 76.223.26.96:80
  URL: http://ww12.meforher.de/favicon.ico
  CN: unknown; Type: compressed; Size: 20 b; Reputation: unknown

PID 1652, msedge.exe: GET, HTTP 200, 76.223.26.96:80
  URL: http://ww12.meforher.de/?uclick=hemyiby9dz&uclickhash=hemyiby9dz-hemyiby9dz-q5-0-fy-fyxibl-ktfy8n-a956b3&usid=17&utid=29932559647
  CN: unknown; Type: binary; Size: 20 b; Reputation: unknown

PID 1652, msedge.exe: GET, HTTP 302, 72.52.179.174:80
  URL: http://meforher.de/?uclick=hemyiby9dz&uclickhash=hemyiby9dz-hemyiby9dz-q5-0-fy-fyxibl-ktfy8n-a956b3
  CN: unknown; Reputation: unknown

PID 1652, msedge.exe: GET, HTTP 301, 2.21.20.141:80
  URL: http://shell.windows.com/fileassoc/fileassoc.asp?Ext=torrent
  CN: unknown; Reputation: unknown

PID 1652, msedge.exe: GET, HTTP 303, 54.88.155.54:80
  URL: http://c.srvpcn.com/click?id=cmhgtan2ld3c73c981ug&e=47367876-1dc2-44c4-a12f-67fca69bf442&px=642&z=1
  CN: unknown; Reputation: unknown

PID 3232, utweb_installer.exe: POST, HTTP 200, 52.4.173.144:80
  URL: http://i-4101.b-5759.utweb.bench.utorrent.com/e?i=4101
  CN: unknown; Type: binary; Size: 21 b; Reputation: unknown

PID 1652, msedge.exe: GET, HTTP 302, 65.21.84.133:80
  URL: http://myadsserver.com/cemyl5k.php?key=admaven
  CN: unknown; Reputation: unknown

PID 3232, utweb_installer.exe: POST, HTTP 200, 52.4.173.144:80
  URL: http://i-4101.b-5759.utweb.bench.utorrent.com/e?i=4101
  CN: unknown; Type: binary; Size: 21 b; Reputation: unknown

Connections

PID 4, System: 192.168.100.255:137; Reputation: whitelisted
PID 4, System: 192.168.100.255:138; Reputation: whitelisted
PID 1080, svchost.exe: 224.0.0.252:5355; Reputation: unknown
PID 128, msedge.exe: 239.255.255.250:1900; Reputation: whitelisted
PID 1652, msedge.exe: 104.126.37.131:443; Domain: www.bing.com; ASN: Akamai International B.V.; CN: DE; Reputation: unknown
PID 1652, msedge.exe: 13.107.42.16:443; Domain: config.edge.skype.com; ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: US; Reputation: whitelisted
PID 1652, msedge.exe: 204.79.197.239:443; Domain: edge.microsoft.com; ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: US; Reputation: unknown
PID 1652, msedge.exe: 104.21.28.33:443; Domain: steamunlocked.pro; ASN: CLOUDFLARENET; Reputation: unknown
PID 1652, msedge.exe: 20.103.180.120:443; Domain: nav-edge.smartscreen.microsoft.com; ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: NL; Reputation: unknown
PID 1652, msedge.exe: 20.105.95.163:443; Domain: data-edge.smartscreen.microsoft.com; ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: IE; Reputation: unknown

DNS requests

www.bing.com (reputation: whitelisted)
  • 104.126.37.131
  • 104.126.37.176
  • 104.126.37.171
  • 104.126.37.137
  • 104.126.37.123
  • 104.126.37.186
  • 104.126.37.177
  • 104.126.37.130
  • 104.126.37.178
  • 104.126.37.163
  • 104.126.37.144
  • 104.126.37.155
  • 104.126.37.162
  • 104.126.37.185
  • 104.126.37.128
  • 104.126.37.154
  • 104.126.37.170
  • 104.126.37.139
  • 104.126.37.153
  • 104.126.37.160
  • 104.126.37.179
  • 104.126.37.136
  • 104.126.37.145
config.edge.skype.com (reputation: whitelisted)
  • 13.107.42.16
edge.microsoft.com (reputation: whitelisted)
  • 204.79.197.239
  • 13.107.21.239
steamunlocked.pro (reputation: unknown)
  • 104.21.28.33
  • 172.67.170.58
nav-edge.smartscreen.microsoft.com (reputation: whitelisted)
  • 20.103.180.120
  • 20.31.251.109
data-edge.smartscreen.microsoft.com (reputation: whitelisted)
  • 20.105.95.163
fonts.googleapis.com (reputation: whitelisted)
  • 216.58.206.42
stats.wp.com (reputation: whitelisted)
  • 192.0.76.3
steamunlocked.b-cdn.net (reputation: unknown)
  • 169.150.247.39
  • 169.150.247.37
fonts.gstatic.com (reputation: whitelisted)
  • 142.250.185.227
  • 142.250.186.163

Threats

PID 1652, msedge.exe, Potentially Bad Traffic: ET DNS Query to a *.top domain - Likely Hostile
PID 1652, msedge.exe, Not Suspicious Traffic: INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
PID 1652, msedge.exe, Potentially Bad Traffic: ET DNS Query to a *.top domain - Likely Hostile
PID 1652, msedge.exe, Not Suspicious Traffic: INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
PID 1652, msedge.exe, Potential Corporate Privacy Violation: AV POLICY Observed TikTok Domain in TLS SNI (tiktok.com)
PID 1652, msedge.exe, Misc activity: ET INFO Observed Telegram Domain (t .me in TLS SNI)
PID 3232, utweb_installer.exe, Potentially Bad Traffic: ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
PID 3232, utweb_installer.exe, Potentially Bad Traffic: ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Process / Message

saBSI.exe: NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe: NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe: NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe: NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-A3FLM.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-A3FLM.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe: NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe: NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-A3FLM.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-A3FLM.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe: NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-A3FLM.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-A3FLM.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe: NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe: NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe: NCPrivateLoadAndValidateMPTDll: Looking in EXE directory