URL:

https://malwarebytes.floppysoft.net/?etext=2202.fDSNpNDvploa9Br4Wfx66ZlRbfw4sUnfMy9G50369ZaHsd_bSFmoyYkjMdR23TswT8Lfv5oRKW_XXRPgVoJKJ4P0NY1M3SBPcTK9-EkZE7_dFEk_-SfnOFKq8h3_kqhy541E8sIt3N352Jg0J0i1qGFldnFidW5lbWpranBpYmc.baa766795926c666b6ef377a0684a9e6b4cbd403&yclid=13284514408173666303

Full analysis: https://app.any.run/tasks/314308b3-e2e4-49e8-8a9f-7543b3b64911
Verdict: Malicious activity
Threats:

Adware is a form of malware that serves users unwanted advertisements, typically disrupting their browsing experience. It usually arrives through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads such as pop-ups or banners. Some variants bypass security controls and establish persistence on the device, which makes removal difficult. Adware can also weaken the host in ways that other malware can exploit, so it poses a real risk to user privacy and system security.

Analysis date: March 25, 2026, 02:21:48
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
websocket
stealer
opera
tool
delphi
inno
installer
screenconnect
rmm-tool
adware
innosetup
Indicators:
MD5:

5348B1E8BA54F925BA4F2870384BD399

SHA1:

4BAC16A6D288F3A88F7B7CDBD5B3216E318774D3

SHA256:

BE681A525E08AF3E269583673CD3B4C2483FCA9313AA664870C7A95C377C29AE

SSDEEP:

6:2nV9ZHpUvNzmGiz/I6HEOcWQagN2uj4+6cVudCUO97QdTcWM7YnAKIlveMEdCJn:2V9ZMN9hQgNHJ6yuEFJ6THhI+Yn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • MalwareBytes Soft down updown.exe (PID: 8508)
    • Runs injected code in another process

      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 9188)
      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 8692)
      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 9020)
      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 900)
    • Application was injected by another process

      • explorer.exe (PID: 4696)
    • Actions look like stealing of personal data

      • seederexe.exe (PID: 9072)
      • lite_installer.exe (PID: 3320)
      • setup.exe (PID: 6012)
      • opera.exe (PID: 9180)
      • explorer.exe (PID: 12028)
      • clidmgr.exe (PID: 8512)
      • clidmgr.exe (PID: 10216)
      • csrss.exe (PID: 652)
      • csrss.exe (PID: 564)
      • browser.exe (PID: 11996)
      • browser.exe (PID: 9620)
      • browser.exe (PID: 10192)
      • browser.exe (PID: 10116)
      • browser.exe (PID: 10508)
      • browser.exe (PID: 9716)
      • browser.exe (PID: 9272)
      • browser.exe (PID: 9268)
      • browser.exe (PID: 10576)
      • browser.exe (PID: 9964)
      • browser.exe (PID: 2996)
      • browser.exe (PID: 3424)
      • browser.exe (PID: 8560)
      • browser.exe (PID: 7340)
      • browser.exe (PID: 7260)
      • browser.exe (PID: 8344)
      • 360TS_Setup.exe (PID: 6872)
      • MBAMService.exe (PID: 3156)
    • Steals credentials from Web Browsers

      • seederexe.exe (PID: 9072)
      • opera.exe (PID: 9180)
      • browser.exe (PID: 11996)
    • Changes the autorun value in the registry

      • assistant_installer.exe (PID: 8552)
      • opera.exe (PID: 9180)
      • browser.exe (PID: 11996)
    • Changes settings of System certificates

      • MBAMInstallerService.exe (PID: 8564)
    • INNOSETUP has been detected (SURICATA)

      • MalwareBytes Soft down updown.tmp (PID: 8528)
  • SUSPICIOUS

    • Reads the BIOS version

      • MBSetup.exe (PID: 8900)
      • MBAMService.exe (PID: 3156)
    • Executable content was dropped or overwritten

      • MalwareBytes Soft down updown.exe (PID: 8508)
      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • 5b4028ca80f67247417879b952d68ccb.exe (PID: 9048)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • installer.exe (PID: 9128)
      • MBSetup.exe (PID: 8900)
      • Yandex.exe (PID: 5876)
      • lite_installer.exe (PID: 3320)
      • Opera_GX_assistant_128.0.5807.71_Setup.exe_sfx.exe (PID: 4480)
      • MBAMInstallerService.exe (PID: 8564)
      • installer.exe (PID: 8976)
      • installer.exe (PID: 8444)
      • MalinovkaInstaller.exe (PID: 8076)
      • assistant_installer.exe (PID: 8552)
      • yb9C2C.tmp (PID: 7960)
      • setup.exe (PID: 6012)
      • 360TS_Setup.exe (PID: 10596)
      • malinovka_core.exe (PID: 9828)
      • 360TS_Setup.exe (PID: 6872)
      • MBVpnTunnelService.exe (PID: 1108)
      • MBAMService.exe (PID: 8732)
      • MBAMService.exe (PID: 3156)
    • Reads the Windows owner or organization settings

      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • msiexec.exe (PID: 8448)
    • Searches for installed software

      • MBSetup.exe (PID: 8900)
      • MBAMInstallerService.exe (PID: 8564)
      • installer.exe (PID: 8444)
      • browser_assistant.exe (PID: 4524)
      • setup.exe (PID: 6012)
      • Malwarebytes.exe (PID: 9748)
    • Creates files in the driver directory

      • MBSetup.exe (PID: 8900)
      • MBAMInstallerService.exe (PID: 8564)
      • MBVpnTunnelService.exe (PID: 1108)
      • MBAMService.exe (PID: 8732)
      • MBAMService.exe (PID: 3156)
    • The process verifies whether the antivirus software is installed

      • MBSetup.exe (PID: 8900)
      • MBAMInstallerService.exe (PID: 8564)
      • 360TS_Setup.exe (PID: 6872)
      • MBVpnTunnelService.exe (PID: 1108)
      • drvinst.exe (PID: 6076)
      • MBAMService.exe (PID: 8732)
      • MBAMService.exe (PID: 3156)
      • csrss.exe (PID: 652)
      • explorer.exe (PID: 4696)
      • Malwarebytes.exe (PID: 9748)
    • Application launched itself

      • installer.exe (PID: 9128)
      • installer.exe (PID: 8976)
      • explorer.exe (PID: 4696)
      • assistant_installer.exe (PID: 8392)
      • installer.exe (PID: 8444)
      • assistant_installer.exe (PID: 8552)
      • assistant_installer.exe (PID: 7096)
      • setup.exe (PID: 6012)
      • browser_assistant.exe (PID: 4524)
      • opera.exe (PID: 9180)
      • opera_autoupdate.exe (PID: 12236)
      • installer.exe (PID: 10380)
      • opera_autoupdate.exe (PID: 12084)
      • explorer.exe (PID: 12028)
      • browser.exe (PID: 11996)
      • opera_autoupdate.exe (PID: 10204)
    • Starts itself from another location

      • installer.exe (PID: 9128)
      • Yandex.exe (PID: 5876)
      • assistant_installer.exe (PID: 8552)
      • setup.exe (PID: 6012)
      • 360TS_Setup.exe (PID: 10596)
    • Executes as Windows Service

      • MBAMInstallerService.exe (PID: 8564)
      • MBAMService.exe (PID: 3156)
    • Changes the Home page of Internet Explorer

      • seederexe.exe (PID: 9072)
    • Changes the title of the Internet Explorer window

      • seederexe.exe (PID: 9072)
    • Reads Mozilla Firefox installation path

      • seederexe.exe (PID: 9072)
      • opera.exe (PID: 9180)
      • browser.exe (PID: 11996)
    • Possible stealing from browsers

      • seederexe.exe (PID: 9072)
      • opera_crashreporter.exe (PID: 4308)
      • opera.exe (PID: 9180)
      • opera_crashreporter.exe (PID: 4944)
      • opera_crashreporter.exe (PID: 7724)
      • opera_crashreporter.exe (PID: 4624)
      • opera_crashreporter.exe (PID: 6384)
      • browser_assistant.exe (PID: 3264)
      • browser_assistant.exe (PID: 4524)
      • opera_crashreporter.exe (PID: 8784)
    • The process creates files with name similar to system file names

      • Yandex.exe (PID: 5876)
      • MBAMInstallerService.exe (PID: 8564)
      • MalinovkaInstaller.exe (PID: 8076)
      • setup.exe (PID: 6012)
    • Drops 7-zip archiver for unpacking

      • MBAMInstallerService.exe (PID: 8564)
      • 360TS_Setup.exe (PID: 6872)
    • Drops a system driver (possible attempt to evade defenses)

      • MBAMInstallerService.exe (PID: 8564)
      • MBVpnTunnelService.exe (PID: 1108)
      • MBAMService.exe (PID: 8732)
      • drvinst.exe (PID: 6076)
      • MBAMService.exe (PID: 3156)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • MalinovkaInstaller.exe (PID: 8076)
    • Uses TASKKILL.EXE to kill process

      • MalinovkaInstaller.exe (PID: 8076)
    • Starts application with an unusual extension

      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
    • Reads the date of Windows installation

      • installer.exe (PID: 8444)
      • opera.exe (PID: 9180)
      • explorer.exe (PID: 12028)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 12084)
    • The process drops C-runtime libraries

      • MBAMInstallerService.exe (PID: 8564)
    • Creates file in the systems drive root

      • 360TS_Setup.exe (PID: 6872)
    • Changes Internet Explorer settings (feature browser emulation)

      • MBAMInstallerService.exe (PID: 8564)
      • MBAMService.exe (PID: 3156)
    • Adds/modifies Windows certificates

      • MBAMInstallerService.exe (PID: 8564)
    • Creates or modifies Windows services

      • MBAMService.exe (PID: 8732)
    • Creates/Modifies COM task schedule object

      • MBAMService.exe (PID: 3156)
    • Access to an unwanted program domain was detected

      • MalwareBytes Soft down updown.tmp (PID: 8528)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 7188)
      • msedge.exe (PID: 8500)
      • msedge.exe (PID: 9364)
      • msedge.exe (PID: 4240)
      • msedge.exe (PID: 8576)
    • Reads the computer name

      • identity_helper.exe (PID: 2724)
      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • MBSetup.exe (PID: 8900)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • installer.exe (PID: 9128)
      • msiexec.exe (PID: 8448)
      • installer.exe (PID: 8976)
      • msiexec.exe (PID: 2132)
      • MBAMInstallerService.exe (PID: 8564)
      • lite_installer.exe (PID: 3320)
      • seederexe.exe (PID: 9072)
      • Yandex.exe (PID: 5876)
      • explorer.exe (PID: 8616)
      • sender.exe (PID: 8424)
      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
      • assistant_installer.exe (PID: 8392)
      • installer.exe (PID: 8444)
      • MalinovkaInstaller.exe (PID: 8076)
      • assistant_installer.exe (PID: 8552)
      • assistant_installer.exe (PID: 7096)
      • yb9C2C.tmp (PID: 7960)
      • setup.exe (PID: 6012)
      • opera.exe (PID: 5616)
      • opera.exe (PID: 9180)
      • opera.exe (PID: 6384)
      • opera.exe (PID: 8240)
      • opera.exe (PID: 8988)
      • opera.exe (PID: 5304)
      • opera.exe (PID: 8208)
      • opera.exe (PID: 8040)
      • opera_gx_splash.exe (PID: 9680)
      • opera.exe (PID: 9476)
      • opera_autoupdate.exe (PID: 12236)
      • opera_autoupdate.exe (PID: 12268)
      • opera_autoupdate.exe (PID: 12084)
      • browser_assistant.exe (PID: 4524)
      • installer.exe (PID: 10380)
      • opera_autoupdate.exe (PID: 10760)
      • explorer.exe (PID: 12028)
      • clidmgr.exe (PID: 8512)
      • malinovka.exe (PID: 11988)
      • malinovka_core.exe (PID: 9828)
      • browser.exe (PID: 11996)
      • opera_autoupdate.exe (PID: 10204)
      • clidmgr.exe (PID: 10216)
      • identity_helper.exe (PID: 10224)
      • opera_autoupdate.exe (PID: 10564)
      • browser.exe (PID: 10116)
      • browser.exe (PID: 10576)
      • browser.exe (PID: 9964)
      • browser.exe (PID: 9716)
      • browser.exe (PID: 9268)
      • 360TS_Setup.exe (PID: 6872)
      • 360TS_Setup.exe (PID: 10596)
      • identity_helper.exe (PID: 8244)
      • MBVpnTunnelService.exe (PID: 1108)
      • drvinst.exe (PID: 6076)
      • MBAMService.exe (PID: 8732)
      • MBAMService.exe (PID: 3156)
      • identity_helper.exe (PID: 12040)
      • Malwarebytes.exe (PID: 9748)
      • identity_helper.exe (PID: 6272)
    • Reads Environment values

      • identity_helper.exe (PID: 2724)
      • identity_helper.exe (PID: 10224)
      • identity_helper.exe (PID: 8244)
      • identity_helper.exe (PID: 12040)
      • MBAMService.exe (PID: 3156)
      • identity_helper.exe (PID: 6272)
    • Checks supported languages

      • identity_helper.exe (PID: 2724)
      • MalwareBytes Soft down updown.exe (PID: 8508)
      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • MBSetup.exe (PID: 8900)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • 5b4028ca80f67247417879b952d68ccb.exe (PID: 9048)
      • installer.exe (PID: 9128)
      • installer.exe (PID: 9196)
      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 9188)
      • installer.exe (PID: 8464)
      • msiexec.exe (PID: 8448)
      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 8692)
      • installer.exe (PID: 8996)
      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 9020)
      • installer.exe (PID: 8976)
      • MBAMInstallerService.exe (PID: 8564)
      • msiexec.exe (PID: 2132)
      • seederexe.exe (PID: 9072)
      • 61be0b467c7a930fc39d55351ca8e427.exe (PID: 900)
      • lite_installer.exe (PID: 3320)
      • Yandex.exe (PID: 5876)
      • explorer.exe (PID: 8616)
      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
      • sender.exe (PID: 8424)
      • Opera_GX_assistant_128.0.5807.71_Setup.exe_sfx.exe (PID: 4480)
      • assistant_installer.exe (PID: 8392)
      • assistant_installer.exe (PID: 8616)
      • installer.exe (PID: 7672)
      • installer.exe (PID: 8444)
      • assistant_installer.exe (PID: 8552)
      • assistant_installer.exe (PID: 5160)
      • assistant_installer.exe (PID: 7096)
      • assistant_installer.exe (PID: 8148)
      • browser_assistant.exe (PID: 4524)
      • opera.exe (PID: 5616)
      • opera.exe (PID: 9180)
      • yb9C2C.tmp (PID: 7960)
      • setup.exe (PID: 6012)
      • setup.exe (PID: 2316)
      • opera_crashreporter.exe (PID: 4308)
      • opera_crashreporter.exe (PID: 4944)
      • opera_crashreporter.exe (PID: 8784)
      • MalinovkaInstaller.exe (PID: 8076)
      • browser_assistant.exe (PID: 3264)
      • opera.exe (PID: 8240)
      • opera_crashreporter.exe (PID: 7724)
      • opera.exe (PID: 8988)
      • opera_crashreporter.exe (PID: 4624)
      • opera_crashreporter.exe (PID: 6384)
      • opera.exe (PID: 5304)
      • opera.exe (PID: 8040)
      • opera.exe (PID: 8208)
      • opera.exe (PID: 9448)
      • opera.exe (PID: 9456)
      • opera.exe (PID: 9464)
      • opera.exe (PID: 9472)
      • opera.exe (PID: 9484)
      • opera_gx_splash.exe (PID: 9680)
      • opera.exe (PID: 10168)
      • opera.exe (PID: 10032)
      • opera.exe (PID: 10072)
      • opera.exe (PID: 10108)
      • opera.exe (PID: 9340)
      • opera.exe (PID: 9432)
      • opera.exe (PID: 9440)
      • opera.exe (PID: 10228)
      • opera.exe (PID: 9936)
      • opera.exe (PID: 9964)
      • opera.exe (PID: 9840)
      • opera.exe (PID: 9932)
      • opera.exe (PID: 9976)
      • opera.exe (PID: 9856)
      • opera.exe (PID: 10252)
      • opera.exe (PID: 10284)
      • opera.exe (PID: 7888)
      • opera.exe (PID: 10260)
      • opera.exe (PID: 10236)
      • opera.exe (PID: 7852)
      • opera.exe (PID: 9184)
      • opera.exe (PID: 10292)
      • opera.exe (PID: 10276)
      • opera.exe (PID: 9724)
      • opera.exe (PID: 10336)
      • opera.exe (PID: 10300)
      • opera.exe (PID: 10268)
      • opera.exe (PID: 10364)
      • opera.exe (PID: 9476)
      • opera.exe (PID: 10828)
      • opera.exe (PID: 9904)
      • opera.exe (PID: 11980)
      • opera.exe (PID: 11972)
      • opera.exe (PID: 12020)
      • opera_autoupdate.exe (PID: 12236)
      • opera_autoupdate.exe (PID: 12084)
      • opera_autoupdate.exe (PID: 12268)
      • installer.exe (PID: 10380)
      • installer.exe (PID: 12128)
      • opera.exe (PID: 12228)
      • opera_autoupdate.exe (PID: 10760)
      • opera.exe (PID: 6384)
      • explorer.exe (PID: 12028)
      • explorer.exe (PID: 11976)
      • opera.exe (PID: 12064)
      • opera.exe (PID: 12176)
      • opera.exe (PID: 9432)
      • clidmgr.exe (PID: 8512)
      • clidmgr.exe (PID: 10216)
      • malinovka_core.exe (PID: 9828)
      • malinovka.exe (PID: 11988)
      • browser.exe (PID: 9620)
      • browser.exe (PID: 11996)
      • opera_autoupdate.exe (PID: 10204)
      • opera_autoupdate.exe (PID: 10564)
      • browser.exe (PID: 10116)
      • browser.exe (PID: 10192)
      • identity_helper.exe (PID: 10224)
      • browser.exe (PID: 9964)
      • browser.exe (PID: 9272)
      • browser.exe (PID: 9268)
      • browser.exe (PID: 10576)
      • browser.exe (PID: 10508)
      • browser.exe (PID: 9716)
      • browser.exe (PID: 3424)
      • browser.exe (PID: 7260)
      • browser.exe (PID: 8560)
      • browser.exe (PID: 7340)
      • browser.exe (PID: 2996)
      • 360TS_Setup.exe (PID: 10596)
      • 360TS_Setup.exe (PID: 6872)
      • browser.exe (PID: 8344)
      • identity_helper.exe (PID: 8244)
      • MBVpnTunnelService.exe (PID: 1108)
      • drvinst.exe (PID: 6076)
      • MBAMService.exe (PID: 8732)
      • MBAMService.exe (PID: 3156)
      • identity_helper.exe (PID: 12040)
      • Malwarebytes.exe (PID: 9748)
      • identity_helper.exe (PID: 6272)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4696)
      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • installer.exe (PID: 9128)
      • lite_installer.exe (PID: 3320)
      • Yandex.exe (PID: 5876)
      • explorer.exe (PID: 8616)
      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
      • explorer.exe (PID: 1352)
      • explorer.exe (PID: 8732)
      • setup.exe (PID: 6012)
      • installer.exe (PID: 8444)
      • browser_assistant.exe (PID: 4524)
      • explorer.exe (PID: 12028)
      • MalinovkaInstaller.exe (PID: 8076)
      • malinovka.exe (PID: 11988)
      • explorer.exe (PID: 7788)
      • explorer.exe (PID: 5524)
      • OpenWith.exe (PID: 2116)
      • 360TS_Setup.exe (PID: 6872)
      • explorer.exe (PID: 10088)
      • explorer.exe (PID: 9044)
      • MBAMService.exe (PID: 3156)
      • explorer.exe (PID: 7536)
      • explorer.exe (PID: 2452)
    • Create files in a temporary directory

      • MalwareBytes Soft down updown.exe (PID: 8508)
      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • MBSetup.exe (PID: 8900)
      • 5b4028ca80f67247417879b952d68ccb.exe (PID: 9048)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • installer.exe (PID: 9128)
      • msiexec.exe (PID: 2132)
      • lite_installer.exe (PID: 3320)
      • seederexe.exe (PID: 9072)
      • Yandex.exe (PID: 5876)
      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
      • sender.exe (PID: 8424)
      • Opera_GX_assistant_128.0.5807.71_Setup.exe_sfx.exe (PID: 4480)
      • installer.exe (PID: 8444)
      • MalinovkaInstaller.exe (PID: 8076)
      • yb9C2C.tmp (PID: 7960)
      • setup.exe (PID: 6012)
      • opera.exe (PID: 9180)
      • browser.exe (PID: 11996)
      • browser.exe (PID: 9268)
      • 360TS_Setup.exe (PID: 10596)
      • 360TS_Setup.exe (PID: 6872)
    • Reads the machine GUID from the registry

      • MBSetup.exe (PID: 8900)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • msiexec.exe (PID: 8448)
      • installer.exe (PID: 9128)
      • seederexe.exe (PID: 9072)
      • lite_installer.exe (PID: 3320)
      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
      • installer.exe (PID: 8444)
      • setup.exe (PID: 6012)
      • browser_assistant.exe (PID: 4524)
      • opera.exe (PID: 9180)
      • opera_autoupdate.exe (PID: 12236)
      • opera_autoupdate.exe (PID: 12268)
      • opera_autoupdate.exe (PID: 12084)
      • opera_autoupdate.exe (PID: 10760)
      • explorer.exe (PID: 12028)
      • opera_autoupdate.exe (PID: 10564)
      • malinovka_core.exe (PID: 9828)
      • browser.exe (PID: 11996)
      • opera_autoupdate.exe (PID: 10204)
      • 360TS_Setup.exe (PID: 6872)
      • MBAMInstallerService.exe (PID: 8564)
      • drvinst.exe (PID: 6076)
      • MBAMService.exe (PID: 3156)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7188)
      • msiexec.exe (PID: 8448)
      • msiexec.exe (PID: 2132)
      • msedge.exe (PID: 4328)
    • Creates files or folders in the user directory

      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • installer.exe (PID: 9196)
      • installer.exe (PID: 9128)
      • explorer.exe (PID: 4696)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • msiexec.exe (PID: 8448)
      • msiexec.exe (PID: 2132)
      • seederexe.exe (PID: 9072)
      • lite_installer.exe (PID: 3320)
      • Yandex.exe (PID: 5876)
      • explorer.exe (PID: 8616)
      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
      • installer.exe (PID: 8976)
      • installer.exe (PID: 8444)
      • assistant_installer.exe (PID: 8552)
      • setup.exe (PID: 2316)
      • setup.exe (PID: 6012)
      • opera.exe (PID: 9180)
      • MalinovkaInstaller.exe (PID: 8076)
      • opera.exe (PID: 8040)
      • browser_assistant.exe (PID: 4524)
      • opera_autoupdate.exe (PID: 12236)
      • opera_autoupdate.exe (PID: 12268)
      • explorer.exe (PID: 12028)
      • browser.exe (PID: 11996)
      • browser.exe (PID: 10116)
      • 360TS_Setup.exe (PID: 6872)
      • Malwarebytes.exe (PID: 9748)
    • Detects InnoSetup installer (YARA)

      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • MalwareBytes Soft down updown.exe (PID: 8508)
    • Compiled with Borland Delphi (YARA)

      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • MalwareBytes Soft down updown.exe (PID: 8508)
    • Creates a software uninstall entry

      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • Yandex.exe (PID: 5876)
      • installer.exe (PID: 8444)
      • setup.exe (PID: 6012)
      • MBAMInstallerService.exe (PID: 8564)
    • The sample compiled with english language support

      • 5b4028ca80f67247417879b952d68ccb.exe (PID: 9048)
      • MalwareBytes Soft down updown.tmp (PID: 8528)
      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
      • installer.exe (PID: 9128)
      • MBSetup.exe (PID: 8900)
      • lite_installer.exe (PID: 3320)
      • Opera_GX_assistant_128.0.5807.71_Setup.exe_sfx.exe (PID: 4480)
      • MBAMInstallerService.exe (PID: 8564)
      • installer.exe (PID: 8976)
      • installer.exe (PID: 8444)
      • assistant_installer.exe (PID: 8552)
      • MalinovkaInstaller.exe (PID: 8076)
      • yb9C2C.tmp (PID: 7960)
      • setup.exe (PID: 6012)
      • 360TS_Setup.exe (PID: 6872)
      • MBVpnTunnelService.exe (PID: 1108)
      • drvinst.exe (PID: 6076)
      • MBAMService.exe (PID: 8732)
      • MBAMService.exe (PID: 3156)
    • Creates files in the program directory

      • MBSetup.exe (PID: 8900)
      • MBAMInstallerService.exe (PID: 8564)
      • 360TS_Setup.exe (PID: 10596)
      • 360TS_Setup.exe (PID: 6872)
      • MBVpnTunnelService.exe (PID: 1108)
      • MBAMService.exe (PID: 3156)
      • Malwarebytes.exe (PID: 9748)
    • Disables trace logs

      • a975e7f4930d6c6633ccc7e38f337140.exe (PID: 9028)
    • The sample compiled with russian language support

      • msiexec.exe (PID: 2132)
      • msedge.exe (PID: 4328)
      • msedge.exe (PID: 7188)
      • MalinovkaInstaller.exe (PID: 8076)
      • setup.exe (PID: 6012)
    • Manual execution by a user

      • {D8BFE991-F6E5-4AC7-A46C-A21C051E5E77}.exe (PID: 6096)
      • explorer.exe (PID: 1352)
      • browser.exe (PID: 11996)
      • explorer.exe (PID: 7788)
      • explorer.exe (PID: 10088)
      • explorer.exe (PID: 7536)
    • The sample compiled with spanish language support

      • MBAMInstallerService.exe (PID: 8564)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7188)
    • Launching a file from a Registry key

      • assistant_installer.exe (PID: 8552)
      • opera.exe (PID: 9180)
      • browser.exe (PID: 11996)
    • There is functionality for taking screenshot (YARA)

      • installer.exe (PID: 9128)
    • OPERA mutex has been found

      • opera.exe (PID: 9180)
      • browser_assistant.exe (PID: 4524)
      • opera_autoupdate.exe (PID: 12236)
      • opera_autoupdate.exe (PID: 10204)
    • The sample compiled with chinese language support

      • 360TS_Setup.exe (PID: 10596)
      • 360TS_Setup.exe (PID: 6872)
    • Changes settings of System certificates

      • drvinst.exe (PID: 6076)
    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 6076)
    • CONNECTWISE has been detected

      • MBAMService.exe (PID: 3156)
    • Process checks whether UAC notifications are on

      • Malwarebytes.exe (PID: 9748)
    • The sample compiled with turkish language support

      • 360TS_Setup.exe (PID: 6872)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
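The signature listing above is organised by severity, then by signature, then by the processes that triggered it, which makes it hard to see which single process accumulated the most hits (opera.exe PID 9180 and browser.exe PID 11996, for instance, appear under several MALICIOUS headings). The following Python script is an added example, not part of the ANY.RUN report: it parses that three-level bullet layout and pivots it into a per-process view. The embedded excerpt is a constructed subset of the listing above; the indentation depths (2, 4 and 6 spaces) and the `name (PID: n)` form are assumptions taken from how this page renders.

```python
"""Pivot an ANY.RUN-style signature listing into a per-process view.

Added example; not part of the ANY.RUN report. Assumes the three-level
bullet layout used on the page: severity header (2-space indent),
signature (4-space indent), "name (PID: n)" process line (6-space indent).
"""
import re
from collections import defaultdict

# Constructed excerpt in the page's own layout (a subset of the listing above).
SAMPLE_REPORT = """\
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • MalwareBytes Soft down updown.exe (PID: 8508)
    • Steals credentials from Web Browsers

      • seederexe.exe (PID: 9072)
      • opera.exe (PID: 9180)
    • Changes the autorun value in the registry

      • assistant_installer.exe (PID: 8552)
      • opera.exe (PID: 9180)
  • SUSPICIOUS

    • Starts itself from another location

      • Yandex.exe (PID: 5876)
      • assistant_installer.exe (PID: 8552)
  • INFO

    • Reads the computer name

      • opera.exe (PID: 9180)
      • Yandex.exe (PID: 5876)
"""

SEVERITIES = ("MALICIOUS", "SUSPICIOUS", "INFO")
_PROC_RE = re.compile(r"^(?P<name>.+?) \(PID: (?P<pid>\d+)\)$")


def parse_signatures(text):
    """Yield (severity, signature, process_name, pid) for every process line.

    Indentation decides the level; a process line that appears before any
    severity or signature header is treated as malformed input.
    """
    severity = signature = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        item = raw.strip().lstrip("•").strip()
        if indent <= 2:
            if item not in SEVERITIES:
                raise ValueError(f"unexpected severity header: {item!r}")
            severity, signature = item, None
        elif indent <= 4:
            signature = item
        else:
            m = _PROC_RE.match(item)
            if m is None or severity is None or signature is None:
                raise ValueError(f"malformed process line: {raw!r}")
            yield severity, signature, m["name"], int(m["pid"])


def pivot_by_process(text):
    """Map (process_name, pid) -> {severity: [signature, ...]}."""
    out = defaultdict(lambda: defaultdict(list))
    for severity, signature, name, pid in parse_signatures(text):
        out[(name, pid)][severity].append(signature)
    return {key: dict(hits) for key, hits in out.items()}


def malicious_processes(text):
    """Sorted (name, pid) pairs that hit at least one MALICIOUS signature."""
    return sorted(key for key, hits in pivot_by_process(text).items()
                  if "MALICIOUS" in hits)


if __name__ == "__main__":
    for (name, pid), hits in sorted(pivot_by_process(SAMPLE_REPORT).items()):
        print(f"{name} (PID {pid})")
        for sev in SEVERITIES:
            for sig in hits.get(sev, []):
                print(f"    [{sev}] {sig}")
```

Keying on (name, PID) rather than name alone matters here: the same image name appears many times in this report (several opera.exe, browser.exe and installer.exe instances), and only specific PIDs carry the MALICIOUS hits.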
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 399
Monitored processes: 253
Malicious processes: 39
Suspicious processes: 15

Behavior graph

[Interactive process graph; not reproduced in this extract, see the full report linked above.]

Process information

PID:
352
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8148,i,3255381688116041412,11703506686108592614,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
508
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=7076,i,3255381688116041412,11703506686108592614,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
564
CMD:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path:
C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winsrvext.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
PID:
652
CMD:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path:
C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winsrvext.dll
c:\windows\system32\combase.dll
c:\windows\system32\user32.dll
PID:
728
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2472,i,10276558664438396178,13021219471265516073,262144 --variations-seed-version --mojo-platform-channel-handle=2796 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
812
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2460,i,1893212453149915137,9438941757447210279,262144 --variations-seed-version --mojo-platform-channel-handle=2452 /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
900
CMD:
"C:\Users\admin\AppData\Local\Programs\MalwareBytes\61be0b467c7a930fc39d55351ca8e427.exe" "C:\Users\admin\AppData\Local\Programs\MalwareBytes\War Thunder.lnk" 5386
Path:
C:\Users\admin\AppData\Local\Programs\MalwareBytes\61be0b467c7a930fc39d55351ca8e427.exe
Parent process:
MalwareBytes Soft down updown.tmp
User:
admin
Company:
Technosys Corporation
Integrity Level:
MEDIUM
Description:
Pin To Taskbar
Exit code:
0
Version:
0.99.9.1
Modules
Images
c:\users\admin\appdata\local\programs\malwarebytes\61be0b467c7a930fc39d55351ca8e427.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
1108
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
61be0b467c7a930fc39d55351ca8e427.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1108
CMD:
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
Path:
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
Parent process:
MBAMInstallerService.exe
User:
SYSTEM
Company:
Malwarebytes
Integrity Level:
SYSTEM
Description:
MBVpnTunnelService.exe
Exit code:
0
Version:
5.0.0.101
Modules
Images
c:\program files\malwarebytes\anti-malware\mbvpntunnelservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID:
1352
CMD:
"C:\Windows\explorer.exe" "https://gtalauncher.ru/MalwareBytes/GTA"
Path:
C:\Windows\explorer.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shcore.dll
Total events
222 589
Read events
220 156
Write events
2 281
Delete events
152

Modification events

(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation:
write
Name:
CheckSetting
Value:
23004100430042006C006F0062000000000000000000000001000000F408000024090000
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000603D0
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040412
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080360
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080360
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000603B6
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040324
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040324
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(8900) MBSetup.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes
Operation:
write
Name:
id
Value:
ddc712c4eaa74adca83283386952dacd
(PID) Process:
(8900) MBSetup.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes
Operation:
write
Name:
id
Value:
ddc712c4eaa74adca83283386952dacd
Executable files
1 474
Suspicious files
2 556
Text files
1 860
Unknown types
7

Dropped files

PID
Process
Filename
Type
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFe00f6.TMP
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFe0105.TMP
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe0105.TMP
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFe0115.TMP
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFe0115.TMP
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
PID:
7188
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
HTTP(S) requests
192
TCP/UDP connections
576
DNS requests
584
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4328
msedge.exe
GET
200
185.40.155.13:443
https://malwarebytes.floppysoft.net/css/styles.css
RU
text
22.3 Kb
unknown
4328
msedge.exe
GET
200
185.40.155.13:443
https://malwarebytes.floppysoft.net/images/download.png
RU
image
3.53 Kb
unknown
4328
msedge.exe
GET
200
185.40.155.13:443
https://malwarebytes.floppysoft.net/images/icon-1.png
RU
image
7.47 Kb
unknown
4328
msedge.exe
GET
200
185.40.155.13:443
https://malwarebytes.floppysoft.net/images/main.webp
RU
image
88.4 Kb
unknown
4328
msedge.exe
GET
200
185.40.155.13:443
https://malwarebytes.floppysoft.net/images/logotype.png
RU
image
4.77 Kb
unknown
4328
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
4.59 Kb
whitelisted
4328
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
314 b
whitelisted
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
NL
binary
314 b
whitelisted
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
US
binary
958 b
whitelisted
4328
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:jF49UJZGG_NmsKQk-lR-Jc0KlqFG9H3CUiWv__LFVRI&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
100 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
6076
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5276
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
184.86.251.22:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
23.11.41.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
4328
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4328
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 4.231.128.59
  • 20.73.194.208
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
www.bing.com
  • 184.86.251.22
  • 184.86.251.27
  • 2.16.204.141
  • 2.16.204.161
whitelisted
google.com
  • 172.217.168.78
whitelisted
ocsp.digicert.com
  • 23.11.41.157
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
  • 95.163.61.44
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
malwarebytes.floppysoft.net
  • 185.40.155.13
unknown
api.edgeoffer.microsoft.com
  • 150.171.109.101
  • 13.107.253.44
  • 13.107.226.44
  • 13.107.253.45
  • 13.107.226.45
whitelisted

Threats

PID
Process
Class
Message
4328
msedge.exe
Generic Protocol Command Decode
SURICATA HTTP request field missing colon
4328
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Websocket Upgrade Request
9028
a975e7f4930d6c6633ccc7e38f337140.exe
Misc activity
ET INFO Packed Executable Download
3320
lite_installer.exe
Misc activity
ET INFO EXE - Served Attached HTTP
8040
opera.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8040
opera.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6076
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
8320
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8528
MalwareBytes Soft down updown.tmp
Misc activity
ET INFO EXE - Served Attached HTTP
8528
MalwareBytes Soft down updown.tmp
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
Process
Message
installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
msiexec.exe
GetSidFromEnumSess(): i = 10 : szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0
msiexec.exe
GetSidFromEnumSess(): ProfileImagePath(12) = C:\Users\admin
msiexec.exe
GetSidFromEnumSess(): i = 1 : szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0
msiexec.exe
GetSidFromEnumSess(): i = 8 : szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0
msiexec.exe
GetSidFromEnumSess(): i = 9 : szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0
msiexec.exe
GetSidFromEnumSess(): i = 4 : szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0
msiexec.exe
GetSidFromEnumSess(): i = 11 : szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0
msiexec.exe
GetSidFromEnumSess(): i = 2 : szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0