Malware analysis EmulatorHub.zip Malicious activity | ANY.RUN

Add for printing

File name:	EmulatorHub.zip
Full analysis:	https://app.any.run/tasks/048d745c-0019-4686-a224-481d965e0df3
Verdict:	Malicious activity
Analysis date:	June 07, 2025, 21:56:18
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	arch-doc
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:	1D329FFB007E52D859153368639F7BED
SHA1:	DF1C3D0BDD9E5A69EC0B0ADD1E6E9183C6144C93
SHA256:	B50FEC51F9A4FC3341FCE4445A7960B859F4E149F38402F9ADA3FB9F1593A4D3
SSDEEP:	98304:7e89tUKcxmX3g5VhxNWYgsBFqSmS0w2Wruvx4HLyQsEVVldsk8+AbBwy13j8fpul:UBFOK45tCHF1KxJJMA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Process drops legitimate windows executable
  - WinRAR.exe (PID: 2652)
- The process creates files with name similar to system file names
  - WinRAR.exe (PID: 2652)
- Reads security settings of Internet Explorer
  - WinRAR.exe (PID: 2652)
  - EmulatorHub.exe (PID: 5548)
INFO
- The sample compiled with english language support
  - WinRAR.exe (PID: 2652)
  - msedge.exe (PID: 6920)
  - msedge.exe (PID: 2284)
  - msedge.exe (PID: 6344)
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 2652)
  - msedge.exe (PID: 6920)
  - msedge.exe (PID: 6344)
  - msedge.exe (PID: 2284)
- Checks supported languages
  - EmulatorHub.exe (PID: 5548)
  - identity_helper.exe (PID: 5588)
  - identity_helper.exe (PID: 3684)
- Creates files in the program directory
  - EmulatorHub.exe (PID: 5548)
- Reads the computer name
  - EmulatorHub.exe (PID: 5548)
  - identity_helper.exe (PID: 5588)
  - identity_helper.exe (PID: 3684)
- Application launched itself
  - msedge.exe (PID: 1452)
  - msedge.exe (PID: 6344)
  - msedge.exe (PID: 2088)
- Manual execution by a user
  - msedge.exe (PID: 6344)
- Connects to unusual port
  - msedge.exe (PID: 2284)
- Reads Environment values
  - identity_helper.exe (PID: 5588)
  - identity_helper.exe (PID: 3684)
- Reads the software policy settings
  - slui.exe (PID: 5552)
  - slui.exe (PID: 2088)
- Checks proxy server information
  - slui.exe (PID: 2088)
- Launching a file from the Downloads directory
  - msedge.exe (PID: 6344)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	-
ZipCompression:	Deflated
ZipModifyDate:	2024:11:13 12:15:28
ZipCRC:	0x7798f956
ZipCompressedSize:	769737
ZipUncompressedSize:	1437056
ZipFileName:	clrjit.dll

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

233

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

208

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4460 --field-trial-handle=2360,i,9608376222244698514,5610749406096076171,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

632

"C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\EmulatorHub.exe"

C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\EmulatorHub.exe

—

WinRAR.exe

User:

admin

Company:

Marcin Szeniak

Integrity Level:

MEDIUM

Description:

WinUpdateHelper

Exit code:

3221226540

Version:

5.8.2.0

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa2652.19970\emulatorhub.exe
c:\windows\system32\ntdll.dll

660

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

EmulatorHub.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Console Window Host

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

672

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=7336 --field-trial-handle=2360,i,9608376222244698514,5610749406096076171,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

704

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5136 --field-trial-handle=2368,i,10922741001453367200,1545606378191669911,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

924

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=3504 --field-trial-handle=2368,i,10922741001453367200,1545606378191669911,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1088

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5152 --field-trial-handle=2360,i,9608376222244698514,5610749406096076171,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1188

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5856 --field-trial-handle=2360,i,9608376222244698514,5610749406096076171,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1268

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5064 --field-trial-handle=2368,i,10922741001453367200,1545606378191669911,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1300

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=6300 --field-trial-handle=2360,i,9608376222244698514,5610749406096076171,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

13 782

Read events

13 720

Write events

Delete events

Modification events


(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\preferences.zip
(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\AppData\Local\Temp\EmulatorHub.zip
(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(2652) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(1452) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	failed_count
Value: 0
(PID) Process:	(1452) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 2

Add for printing

Executable files

Suspicious files

616

Text files

107

Unknown types

Dropped files

PID	Process	Filename		Type
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\hostfxr.dll		executable
		MD5:A4431266F13F98D48A2F2B10FD2D8A71	SHA256:88945E1FD1B63C3D941F67E6CF161680F1288C97FB7AC6028D2645477708F124
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\coreclr.dll		executable
		MD5:CBB2F646B9B2A67DAD68C35BBC7CB7C8	SHA256:C6E05A6D8433F111916F2B107B765A9159F41FA1C7A5D8E267645DBD6734D737
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\System.Collections.dll		executable
		MD5:7F99540073810866C551A48BA22DBCDD	SHA256:12E621A0CFE6A28B22246BA06A65B832C9F11ACA62CA0222265906480F01B90C
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\System.Runtime.InteropServices.dll		executable
		MD5:38B03B1D2CF2EC0882BDC35B75BAD949	SHA256:0AD8892C72E216A4C12793DD6045E3E88413B42716C2020DDB0CCE3266D12CB2
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\EmulatorHub.exe		executable
		MD5:A614A895161A44B174F8B0C5E0D94ADF	SHA256:D6F67C596A3017FAB0F6908F38DE0F996FE8742DC7131D491343D128D96564F6
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\System.Collections.NonGeneric.dll		executable
		MD5:8F0D421EB54E595F2153DD587565DD65	SHA256:647AAB7931AE16164379F9A0F5FC820C71057A5D1913D9845A1AA43892B3E4A1
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\System.Diagnostics.Process.dll		executable
		MD5:A688B390880E4BA55B2A4E52A6EFB5C4	SHA256:B47FA6C38902EB8AF6745A6F968BBF79BA9E35C7B41D9D48975D87B1F8BFAA59
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\hostpolicy.dll		executable
		MD5:04AEBB8B06CBFA10DE7225F2AE76F98F	SHA256:BFC1C6DD5EED11E15882A3D9E85C63A942A10F81C82D21BB0E7A190BA2D49A91
1452	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF121db2.TMP		—
		MD5:—	SHA256:—
2652	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa2652.19970\clrjit.dll		executable
		MD5:92795535F2855D02685A78985D2F3D28	SHA256:7399B0EFE5B3D0A9656F35A7317C9210DFDA4374FBBA7B2FD07671A5855A9345

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

128

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6028	svchost.exe	GET	206	208.89.74.19:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b96d4ca8-86b5-4bcc-9b2f-8200e97368c2?P1=1749818640&P2=404&P3=2&P4=mXoKkZE%2fpuq6jXFxm4S2CwQYABw79PVIo8o9TobyT%2bnlcLNqO%2fdfsTW5C6S9gva3NeA7XkeIwwWZNNkgcvgYJw%3d%3d	unknown	—	—	whitelisted
6028	svchost.exe	GET	206	208.89.74.19:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b96d4ca8-86b5-4bcc-9b2f-8200e97368c2?P1=1749818640&P2=404&P3=2&P4=mXoKkZE%2fpuq6jXFxm4S2CwQYABw79PVIo8o9TobyT%2bnlcLNqO%2fdfsTW5C6S9gva3NeA7XkeIwwWZNNkgcvgYJw%3d%3d	unknown	—	—	whitelisted
6028	svchost.exe	GET	206	208.89.74.19:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b96d4ca8-86b5-4bcc-9b2f-8200e97368c2?P1=1749818640&P2=404&P3=2&P4=mXoKkZE%2fpuq6jXFxm4S2CwQYABw79PVIo8o9TobyT%2bnlcLNqO%2fdfsTW5C6S9gva3NeA7XkeIwwWZNNkgcvgYJw%3d%3d	unknown	—	—	whitelisted
5496	MoUsoCoreWorker.exe	GET	200	23.48.23.193:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5496	MoUsoCoreWorker.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
6544	svchost.exe	GET	200	2.23.77.188:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
8012	SIHClient.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
8012	SIHClient.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
6028	svchost.exe	HEAD	200	208.89.74.19:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d6657c24-83fb-4293-9f47-78f2c45a989f?P1=1749890238&P2=404&P3=2&P4=Lt8uHhoYVmFrfHW0%2fmzsPqOkFSrMIUv9%2fXYxwQCacyzRfVbxfWdqXcyfJ614YfaY2BT8z87HvgCdNKh7ud8zfg%3d%3d	unknown	—	—	whitelisted
2924	SearchApp.exe	GET	200	2.23.77.188:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
2088	RUXIMICS.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5496	MoUsoCoreWorker.exe	23.48.23.193:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
5496	MoUsoCoreWorker.exe	2.23.181.156:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
7552	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6344	msedge.exe	239.255.255.250:1900	—	—	—	whitelisted
2284	msedge.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
2284	msedge.exe	150.171.28.11:443	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	40.127.240.158	whitelisted
crl.microsoft.com	23.48.23.193 23.48.23.156 23.48.23.145 23.48.23.190 23.48.23.194 23.48.23.143 23.48.23.183 23.48.23.180 23.48.23.147	whitelisted
google.com	142.250.186.110	whitelisted
www.microsoft.com	2.23.181.156	whitelisted
config.edge.skype.com	13.107.42.16	whitelisted
edge.microsoft.com	150.171.28.11 150.171.27.11	whitelisted
igk.filexspace.com	104.21.112.1 104.21.96.1 104.21.80.1 104.21.64.1 104.21.48.1 104.21.32.1 104.21.16.1	whitelisted
edge-mobile-static.azureedge.net	13.107.253.45	whitelisted
business.bing.com	13.107.6.158	whitelisted
okrius.live	172.67.165.172 104.21.11.83	unknown

Threats

PID	Process	Class	Message
2284	msedge.exe	Potentially Bad Traffic	ET INFO DNS Query for Suspicious .icu Domain
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2284	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)

Add for printing

No debug info

General Info

EmulatorHub.zip

1D329FFB007E52D859153368639F7BED

DF1C3D0BDD9E5A69EC0B0ADD1E6E9183C6144C93

B50FEC51F9A4FC3341FCE4445A7960B859F4E149F38402F9ADA3FB9F1593A4D3

98304:7e89tUKcxmX3g5VhxNWYgsBFqSmS0w2Wruvx4HLyQsEVVldsk8+AbBwy13j8fpul:UBFOK45tCHF1KxJJMA

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Process drops legitimate windows executable

The process creates files with name similar to system file names

Reads security settings of Internet Explorer

INFO

The sample compiled with english language support

Executable content was dropped or overwritten

Checks supported languages

Creates files in the program directory

Reads the computer name

Application launched itself

Manual execution by a user

Connects to unusual port

Reads Environment values

Reads the software policy settings

Checks proxy server information

Launching a file from the Downloads directory

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings